Sui-based Defi protocol Volo has disclosed a security breach that resulted in the loss of approximately $3.5 million (roughly Rs. 33 crore) in digital assets. This incident is another addition to the growing list of DeFi platforms that were exploited. The team also disclosed that the attack affected select vaults and involved assets including Wrapped Bitcoin (WBTC), Matrixdock Gold XAUm, and USDC. The protocol also highlighted that the exploit was limited to three isolated vaults and that around $28 million (roughly Rs. 263.53 crore) in total value locked across other vaults is safe, with no shared vulnerabilities identified.
Protocol Moves Quickly To Contain Damage And Secure Funds
In separate updates posted by the company, Volo said that it has frozen or blocked roughly $2 million (roughly Rs. 18.82 crore) of the stolen funds so far. The protocol said that roughly $500,000 (roughly Rs. 4.7 crore) linked to the breach has been frozen, and in a later update, the team claimed that it had successfully impeded an attempt by the attacker to steal 19.6 WBTC by removing those funds from the hacker’s control. Volo also unveiled plans to absorb the losses rather than pass them on to users, though details of any rectification are yet to be finalised.
In a post on X, Volo Foundation shared the security update and stated, “We detected the attack, immediately notified the Sui Foundation and ecosystem partners to contain the damage, and froze the vaults to prevent any further exposure.” Replying to the post, Volo also asserted a plan on absorbing the loss and said, “Working closely with ecosystem partners and security teams, we have now flagged the hacker’s EVM addresses across the majority of CEXes, swappers, and KYT tools. This significantly limits the attacker’s ability to move or liquidate the remaining funds.”
:lock: Security Incident Update – Volo Protocol
We want to address our community directly and transparently about a security incident that occurred earlier today. Rest assured, Volo is prepared to absorb any loss.
What happened:
An exploit resulted in the removal of approximately…
— Volo (@volo_sui) April 21, 2026
This hack is just one further in a long line of Web3 hacks that happened in 2026. These hacks have recorded losses of over $482 million (roughly Rs. 4,500 crore) in the first quarter of 2026, as per a report published by blockchain security company Hacken.
Q1 2026 also saw 44 incidents overall, including a single $282 million (roughly Rs. 2,633 crore) hardware wallet scam in January, which was responsible for more than half of this quarter’s damage. Security experts have warned that vulnerabilities persist, with attackers continuing to target high-value platforms across the crypto ecosystem.
Security risks remain significant for DeFi protocols with the continued frequency of attacks. As the crypto market grows and attracts more money, it will be important to have stronger protections, better user education, and better infrastructure to lessen the effects of future hacks and keep people’s trust in decentralised financial systems over the long term.
Cryptocurrency is an unregulated digital currency, not a legal tender and subject to market risks. The information provided in the article is not intended to be and does not constitute financial advice, trading advice or any other advice or recommendation of any sort offered or endorsed by NDTV. NDTV shall not be responsible for any loss arising from any investment based on any perceived recommendation, forecast or any other information contained in the article.
