Volo Protocol, a Sui-based liquid staking platform, said Tuesday that it has suffered an exploit that drained roughly $3.5 million in assets.
In a post on social media platform X, Volo stated that the attack affected assets in the protocol's WBTC, XAUm, and USDC vaults. The protocol wrote that it immediately notified the Sui Foundation and ecosystem partners and froze the vaults to limit the impact.
Volo noted that all vaults will remain frozen pending a full post-mortem and remediation, and that other vaults do not carry the same vulnerability and are safe.
"The ~$28M in TVL across all other Volo vaults is safe," the statement said. "We want to be clear: Volo is prepared to absorb this loss. We will do our best not to pass this to our users."
Less than 30 minutes after the initial announcement, Volo said that it had successfully frozen $500,000 in assets that were exploited.
"We understand that trust is earned, and right now, we are focused entirely on actions," Volo wrote. The protocol has not revealed the vulnerability that led to the attack or the suspected identity of the attacker.
The Volo exploit comes on the heels of the $292 million exploit on LayerZero-powered cross-chain bridge Kelp DAO, which investigators have linked to North Korea's Lazarus hacker group.
Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.
© 2026 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
