The Volo Protocol, an innovative method for staking assets in a decentralized way via liquid staking on the Suis blockchain, is currently unable to use any of its vaults. This follows the discovery of a large exploit that has drained an estimated USD 3.5 million through three Volo Vaults: One for WBTC, one for XAUm (gold-backed tokens), and one for USDC.
How the Volo Exploit Happened?
The Volo team became aware of the exploit and took action to notify the Sui Foundation and ecosystem partners to contain the damage as soon as possible. Volo immediately froze all of its Vaults to prevent any further exposure or misuse. The team has also confirmed that all of its remaining vaults have no current shared vulnerabilities and are therefore safe to use. The total value locked (TVL) in the remaining vaults is around USD 28 million.
As of now, the Volo Protocol has already recovered approximately USD 500,000 in stolen assets through the cooperation of both onchain investigators and ecosystem partners. Volo will publish a complete investigation into this issue once the investigations are complete.
Volo’s Official Position and Future Steps
In a statement, the Volo team emphasized that they are “prepared to absorb the loss” and “do our best not to pass this to our users.” They also acknowledged that “trust is earned,” and also claimed that currently they are “in damage control mode” and that they are currently developing an emergency plan and a full analysis of the incident.
In a second update post (the most recent one), Volo stated that they have intercepted 19.6 Wrapped Bitcoin (WBTC) while the hacker was attempting to bridge them. Now, the team is proactively working with ecosystem partners “to determine the best path to return these funds to Volo.” In the meantime, all vaults will remain frozen until a full post-mortem analysis and remediation have been completed.
The Volo exploit is one more item to be added to the large list of cyber attacks that have taken the decentralized finance (DeFi) space, with massive losses in just a couple of months since the year started. These incidents show a harsh reality: technology improves security, and hackers improve their means to break it.
