Volo Protocol, a liquid staking platform operating on the Sui blockchain, reported Tuesday that an exploit drained approximately $3.5 million from its vaults.
According to a report by The Block, the attack targeted specific asset pools, including WBTC, XAUm, and USDC. The protocol notified the Sui Foundation and ecosystem partners immediately after the breach was detected.
Developers froze the affected vaults to prevent further losses. Volo stated that while the specific vaults were compromised, other parts of the protocol remain unaffected.
"The ~$28M in TVL across all other Volo vaults is safe," the protocol stated in a post on X. "We want to be clear: Volo is prepared to absorb this loss. We will do our best not to pass this to our users."
Recovery efforts underway
Within 30 minutes of the initial announcement, Volo confirmed it had successfully frozen $500,000 of the exploited assets. The team has not yet identified the specific vulnerability or the perpetrator behind the attack.
As the team works toward a post-mortem and remediation plan, all compromised vaults will remain frozen. Volo emphasized its commitment to maintaining user trust through direct action.
"We understand that trust is earned, and right now, we are focused entirely on actions," the protocol wrote.
This security breach follows a recent $292 million exploit on Kelp DAO, a cross-chain bridge powered by LayerZero. Investigators have linked that separate incident to the North Korean-affiliated Lazarus hacker group.
