Sui Network's Volo Protocol Falls Victim to $3.5M Security Breach in Latest DeFi Attack
A $3.5 million security exploit has compromised specific vaults on the Volo Protocol, prompting the platform to freeze affected assets and initiate recovery procedures as investigations continue.
The Volo decentralized finance (DeFi) protocol has revealed a security compromise resulting in the theft of digital assets worth roughly $3.5 million, representing yet another attack in an ongoing wave of exploits targeting the DeFi sector.
According to a Wednesday statement shared on X, the development team confirmed that certain vaults were compromised, with stolen assets including Wrapped Bitcoin (WBTC), Matrixdock Gold XAUm and USDC.
"We detected the attack, immediately notified the Sui Foundation and ecosystem partners to contain the damage, and froze the vaults to prevent any further exposure,"the team wrote.
According to the protocol's disclosure, approximately $28 million in total value locked within other vaults remains secure, as the security breach was confined to three separate vaults with no indication of a broader vulnerability across the platform. The team also stated its intention to cover the financial losses internally without transferring the burden to its user base, although specific details regarding any compensation strategy remain undisclosed.
Operating as a liquid staking DeFi platform built on the Sui blockchain, Volo enables users to stake their Sui (SUI) tokens and receive voloSUI (VSUI) tokens in exchange. The timing of this incident is particularly concerning for the DeFi sector, as it follows closely behind the weekend breach of Kelp, another liquid restaking protocol that suffered losses of approximately $293 million, creating widespread concern throughout the ecosystem.
Volo freezes a portion of lost funds
Through two consecutive announcements, Volo disclosed that it has successfully frozen or blocked approximately $2 million of the compromised funds to date. The protocol's initial announcement revealed that around $500,000 associated with the security breach had been successfully frozen. A subsequent communication from the team indicated that they had effectively prevented the attacker from bridging 19.6 WBTC, thereby securing those assets away from the hacker's reach.
"We are now working with ecosystem partners to determine the best path to return these funds to Volo,"the protocol wrote.
Crypto hacks claim $17 billion in 10 years
Previous reporting from Cointelegraph indicates that cryptocurrency thefts have exceeded $17 billion over the last ten years, with compromised private keys representing one of the primary attack vectors, based on data from DefiLlama.
Analysis reveals that approximately 22.3% of security incidents can be attributed to brute-force key compromises, 18.2% to unidentified attack methods and 10% to phishing attacks targeting multi-signature wallets. These statistics demonstrate that a significant portion of the most substantial financial losses originate from wallet security failures and user-level vulnerabilities as opposed to flaws within protocol code.