Decentralized finance (DeFi) protocol Volo has disclosed a security breach that resulted in the loss of approximately $3.5 million in digital assets, marking the latest in a series of exploits targeting DeFi platforms.
On Wednesday Post At X, the team said the attack affected select wallets and the assets they contained, including wrapped bitcoin (WBTC), MatrixDoc Gold XAUm and USDC (USDC). “We detected the attack, immediately notified Sui Foundation and ecosystem partners for damage control, and froze the vaults to prevent further exposure,” the team wrote.
The protocol added that around $28 million in total value locked in other wallets is protected, the exploit is limited to three isolated wallets and no common vulnerability has been identified. It also revealed plans to absorb losses rather than pass them on to consumers, although details of any remediation plans have yet to be finalised.
Volo Sui is a liquid staking DeFi platform on the blockchain, which allows users to stake their Sui (SUI) tokens and receive voloSUI (VSUI) in return. DeFi is already on edge, as the exploit comes as another liquid restocking protocol, Kelp, was hacked over the weekend for nearly $293 million, with implications for the wider ecosystem.
Related: Kelp DAO Attacker Moves $175M in Ether After Exploit: Arkham
Volo freezes a portion of the lost funds.
In two separate updates, Volo said it has so far frozen or blocked about $2 million in stolen funds. In the first update, the protocol said About $500,000 in funds linked to the breach have already been frozen. In a later update, the team claimed This successfully blocked the attacker’s attempt to bridge 19.6 WBTC, effectively removing the funds from the hacker’s control.
“We are now working with environmental partners to determine the best way to return these funds to Volo,” the protocol wrote.
Crypto hacks claim $17 billion in 10 years
As Cointelegraph reported, more than $17 billion in crypto has been stolen over the past decade, according to DefiLlama, identifying private key compromises as one of the main actors in the attack.
Related: ZachXBT asks MemeCore to explain pricing and token supply.
About 22.3% of incidents are linked to brute force key compromises, 18.2% to unknown methods and 10% to phishing attacks on multi-signature wallets. The results show that many of the biggest losses come from wallet security and user-side vulnerabilities rather than protocol bugs.
Magazine: 53 DeFi projects hacked, 50M NEO tokens ‘could be returned’: Asia Express