- Volo Protocol suffered a $3.5M exploit affecting WBTC, XAUm, and USDC vaults on Sui.
- The team froze all vaults, saying $28 million in other vaults remains safe.
- Volo recovered momentum quickly by freezing $500K and blocking a 19.6 WBTC bridge attempt.
Volo Protocol, a liquid staking platform built on Sui, said it was hit by an exploit that drained about $3.5 million in assets.
The breach affected three vaults holding WBTC, XAUm, and USDC. Volo said it detected the attack quickly, contacted the Sui Foundation and ecosystem partners, and froze the vaults to stop further losses.
The team said all vaults remain frozen while a full investigation and fix are underway.
$3.5M Taken From Three Vaults
According to Volo, the exploit was limited to three specific vaults. The project said no shared weakness has been found in its remaining products. Volo added that around $28 million in total value locked across all other vaults is safe.
The protocol has not yet disclosed the technical cause of the exploit or identified the attacker, which leaves the market waiting for a full post-mortem. Volo said the report will be published after the review is complete.
Volo moved early to calm users after the breach. The team said it is prepared to absorb the losses and will try not to pass any damage to users.
This is an important statement because exploit events often end with user haircuts, frozen withdrawals, or long recovery waits. Instead, Volo said it plans to cover the shortfall internally while building a remediation plan.
Trust is now tied to execution, including fast recovery, clear updates, and reopening vault access, which will matter more than statements.
$500K Frozen, 19.6 WBTC Intercepted
Less than 30 minutes after the first public statement, Volo said it had frozen about $500,000 in stolen assets.
The team later gave a second recovery update, saying it blocked an attempt by the hacker to bridge out 19.6 WBTC. Those funds are no longer under attacker control.
Volo said it is now working with ecosystem partners on how to return the intercepted assets. If recovered, that would reduce net losses from the original $3.5 million hit.
NAVI Protocol Pauses as Precaution
NAVI Protocol said it paused contracts and activated security procedures after the Volo incident. NAVI said it was not impacted, calling the move a standard precaution while reviews were carried out.
The platform said deposits and withdrawals were expected to return within three to six hours. The response shows how one exploit can spread stress across connected DeFi platforms even when they are not directly hacked.
The Volo breach comes shortly after the $292 million Kelp DAO exploit, another major DeFi security event. While unrelated in structure, back-to-back incidents increase pressure on investors already watching bridge risk, vault design, and smart contract security across chains.
Related: Kelp DAO Hacker Launders $80M via THORchain, Activity Spikes
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
