Volo Protocol, a liquid staking platform based on Sui, said on Tuesday that it suffered an attack resulting in the theft of approximately $3.5 million in assets.
In a post published on the social media platform X, Volostated that the attack affected assets in the protocol’s WBTC, XAUm, and USDC vaults. The protocol said it has immediately notified the Sui Foundation and ecosystem partners, and has frozen these vaults to limit the impact.
Volo noted that all vaults will remain frozen pending a full investigation and remediation, and other vaults are not affected by the same vulnerability and are secure.
The statement said: "The total value locked (TVL) of approximately $28 million in all other vaults of Volo is secure. We want to make it clear: Volo is prepared to absorb this loss. We will do our utmost to ensure that users are not burdened with the loss."
Less than 30 minutes after the initial announcement, Volo said it had successfully frozen the stolen $500,000 in assets.
“We understand that trust must be earned, and right now, we are fully focused on action,” Volow wrote. The protocol has not disclosed the vulnerability that led to the attack, nor has it revealed the suspected identity of the attackers.
The Volo exploit follows a $292 million scam on the LayerZero-based cross-chain bridge Kelp DAO, which investigators have linked to North Korea’s Lazarus hacking group.