Key Takeaways
- A security breach on Volo Protocol, a Sui blockchain liquid staking service, resulted in losses totaling approximately $3.5 million
- Three separate vaults containing WBTC, XAUm, and USDC were compromised in the incident
- Within half an hour of disclosure, Volo managed to freeze approximately $500,000 of the drained funds
- The protocol’s remaining total value locked of $28 million in other vaults remains secure
- Volo’s development team committed to fully compensating users without transferring losses
On April 21, Volo Protocol, a liquid staking service operating on the Sui network, publicly acknowledged a security breach that resulted in the loss of roughly $3.5 million in deposited user funds.
The security incident specifically impacted three distinct vaults containing Wrapped Bitcoin, the gold-pegged token XAUm, and the stablecoin USDC. Other vaults within the protocol’s infrastructure remained uncompromised.
🔒 Security Incident Update – Volo Protocol
We want to address our community directly and transparently about a security incident that occurred earlier today. Rest assured, Volo is prepared to absorb any loss.
What happened:
An exploit resulted in the removal of approximately…
— Volo (@volo_sui) April 21, 2026
The team disclosed the incident via X, noting that they promptly reached out to the Sui Foundation and ecosystem collaborators following detection of the exploit. As a precautionary measure, all protocol vaults were immediately frozen to prevent additional fund drainage.
Remarkably, just 30 minutes following the public disclosure, Volo reported successfully freezing approximately $500,000 of the compromised assets. Details regarding the mechanism used to execute this freeze were not provided.
According to the protocol’s statement, the unaffected vaults containing the remaining $28 million in total value locked face no exposure to risk. Volo clarified that these vaults operate independently and don’t contain the same security flaw.
Team Commits to Full User Compensation
Volo’s development team announced they would shoulder the complete financial burden of the security breach without transferring any costs to affected users. “We want to be clear: Volo is prepared to absorb this loss,” the team communicated on X.
As of now, the protocol hasn’t provided technical details about the exact vulnerability that enabled the exploit. No information regarding the attacker’s identity has been made available to the public.
According to Volo’s announcement, all vaults will remain in a frozen state until a comprehensive incident analysis is finished and a security improvement strategy is implemented. The team is collaborating with blockchain forensics specialists in an effort to trace and potentially retrieve the outstanding stolen assets.
Emphasizing their commitment to the community, the protocol stated that rebuilding user confidence remains paramount. “We understand that trust is earned, and right now, we are focused entirely on actions,” Volo communicated.
Recent Wave of DeFi Security Incidents
This Volo security breach occurs shortly after a significantly larger incident involving Kelp DAO, a LayerZero-based cross-chain bridge protocol, which experienced a devastating $292 million exploit.
Security researchers have attributed the Kelp DAO attack to the Lazarus Group, a North Korean state-sponsored hacking collective with an established history of targeting cryptocurrency infrastructure.
Volo’s team hasn’t indicated any potential relationship between their security incident and the separate Kelp DAO breach.
No specific timeline has been announced for when normal vault operations will resume. A detailed technical post-mortem analysis is anticipated following the conclusion of the ongoing investigation.
Currently, the $500,000 in successfully frozen assets represents the only confirmed portion of stolen funds that has been secured.
