Hackers drained roughly $3.5 million from three vaults on the Sui-based Volo Protocol early Wednesday, according to coindesk.com.
The breach targeted vaults holding wrapped bitcoin (WBBTC), Matridock's tokenized gold token (XAUm), and the USDC stablecoin. Other vaults within the protocol remained unaffected by the attack.
"The ~$28M in TVL across all other Volo vaults is safe. The exploit was isolated to 3 specific vaults, and we have confirmed no shared attack vector exists with the remaining vaults," the protocol stated in a post on X, as reported by coindesk.com.
Volo Protocol officials said the platform is prepared to absorb the financial loss to protect its users. The protocol has frozen all vaults and is currently working with the Sui Foundation and onchain investigators to trace the stolen funds.
DeFi security trends
Coordinated efforts have already allowed the protocol to freeze $500,000 in assets to prevent further movement. However, the majority of the stolen assets are still being tracked by investigators.
This incident follows closely on the heels of the KelpDAO exploit, where an attacker minted unbacked liquid restaking tokens to drain millions. The recent wave of attacks has caused liquidity shifts in other major platforms, including Aave, where users moved funds due to heightened uncertainty, according to the outlet.
Data from DeFiLlama indicates that decentralized finance has lost approximately $7.78 billion to hacks. Another $2.90 billion in losses is attributed to bridge protocols, bringing total crypto losses from exploits to over $10 billion.
Volo Protocol plans to release a full post-mortem once the investigation and remediation steps are finalized.
