
- On April 21, Volo Protocol revealed that an attacker drained approximately $3.5 million in assets, including WBTC, XAUm, and USDC, from three specific Volo Vaults.
- According to the official statement, Volo Protocol detected the attack quickly and froze all vaults to prevent further losses.
- The protocol has confirmed that the remaining approximately $28 million TVL in other vaults is safe, and the team is ready to absorb the $3.5 million loss.
On April 21, Volo Protocol, a Bitcoin Finance (BTCFi) and liquid staking hub built on the Sui network, revealed a security incident that sparked panic among its users.
What Happened in the Volo Protocol Exploit
According to the official post on X (formerly Twitter), an attacker exploited three specific vaults, draining approximately $3.5 million in assets consisting of Wrapped Bitcoin (WBTC), the gold-backed token XAUm, and USDC.
🔒 Security Incident Update – Volo Protocol
We want to address our community directly and transparently about a security incident that occurred earlier today. Rest assured, Volo is prepared to absorb any loss.
What happened:
An exploit resulted in the removal of approximately…
— Volo (@volo_sui) April 21, 2026
The protocol, which is powered by Navi Protocol and backed by major investors including OKX Ventures, Hashed, and DaoFive, responded quickly once the incident came to its notice.
The team immediately informed the Sui Foundation and ecosystem partners, which helped it freeze all vaults to avoid further losses. It also reached out to on-chain investigators to recover stolen funds.
In the official post on X, Volo shared details of the attack to maintain transparency, stating, “An exploit resulted in the removal of approximately $3.5M in assets (WBTC, XAUm, and USDC) from Volo Vaults…The ~$28M in TVL across all other Volo vaults is safe. The exploit was isolated to 3 specific vaults, and we have confirmed no shared attack vector exists with the remaining vaults.”
“We detected the attack, immediately notified the Sui Foundation and ecosystem partners to contain the damage, and froze the vaults to prevent any further exposure,” the official post on X stated.
Volo Protocol Ready to Absorb Entire $3.5M Loss, Recovers $500,000
The Volo Protocol team has stated that the remaining vaults, which hold about $28 million in total value locked (TVL), are safe and unaffected by this attack. However, as a precautionary measure, all vaults are currently frozen to avoid any further losses and to complete safety checks.
✅ Recovery Update – Volo Vaults
Since our initial response, we have moved aggressively to recover stolen funds.
Working closely with ecosystem partners, we have successfully frozen ~$500K of assets that were part of the breach.
Stay tuned, we will continue to share updates… https://t.co/lHjxZ58bdW
— Volo (@volo_sui) April 21, 2026
In a follow-up post after the initial announcement, Volo said it had managed to recover some of the stolen funds after working with ecosystem partners. The post reads, “Working closely with ecosystem partners, we have successfully frozen ~$500K of assets that were part of the breach.”
The protocol has also shown readiness to absorb the damage done by this attack without putting a burden on its users. “Volo is prepared to absorb this loss. We will do our best not to pass this to our users. We are in damage control mode now, but once that’s done, we will work out a remediation plan, and a full breakdown will be shared shortly,” the post stated.
Volo Protocol operates as a yield-generating platform where users can deposit assets into vaults. This incident affected only a small subset of vaults, which limited the overall impact on the protocol’s roughly $31.5 million in total value locked at the time of the breach. Such attacks on the crypto sector are linked to North Korea.
After this incident, Navi Protocol has issued a precautionary pause on its own contracts to ensure the security of the protocol. However, it has also confirmed that it was not directly impacted by the incident. Deposits and withdrawals on Navi are expected to resume within a few hours.
Currently, many protocols are being targeted by hackers, which is why many of them are pausing their operations to ensure the safety of users’ funds. Recently, Ethena also announced that its bridges for moving USDe and sUSDe tokens across blockchains using LayerZero are live again after it suspended the service following the KelpDAO hack.
