Volo Protocol, a liquid staking platform on the Sui blockchain, confirmed a security exploit on April 21, 2026, resulting in the loss of approximately $3.5 million in user assets. The attack specifically targeted three of the protocol's vaults, which held Wrapped Bitcoin (WBTC), a gold-backed token (XAUm), and USDC.
Upon discovering the breach, Volo's team immediately froze all vaults to prevent further losses and contacted the Sui Foundation and key ecosystem partners. Within 30 minutes of the public announcement, the team managed to freeze $500,000 worth of the stolen assets. In a subsequent update, Volo announced it had blocked the attacker from bridging out 19.6 WBTC, securing those funds. The remaining $28 million in Total Value Locked (TVL) across Volo's other vaults was reported to be safe, as they did not share the same vulnerability.
The protocol has pledged to absorb the full financial impact of the hack and will not pass any losses on to its users. "We want to be clear: Volo is prepared to absorb this loss," the team stated on social media platform X. A full post-mortem analysis is underway, and all vaults will remain frozen until the investigation is complete and a remediation plan is established. The team is working with on-chain investigators to attempt recovery of the remaining stolen funds.
The incident adds to a troubling trend of DeFi exploits in April 2026, with total losses exceeding $600 million. Other major breaches during this period include a $292 million hack on Kelp DAO, linked to North Korea's Lazarus Group, and a $285 million exploit on Drift Protocol. As a precaution following the Volo news, NAVI Protocol paused its operations, and Matrixdock secured its XAUm token backing.
