- Volo exploit drains $3.5M, raising new fears across DeFi markets
- Attackers freeze blocked funds as recovery efforts begin across ecosystem
- KelpDAO breach exposes infrastructure risks after $290M loss shocks industry
A security breach at Volo has intensified concerns across decentralized finance after millions disappeared from its vaults. The liquid staking platform on the Sui blockchain confirmed that attackers drained about $3.5 million from selected vaults, drawing immediate attention from users and market observers.
According to Volo, the compromised assets included Wrapped Bitcoin, XAUm, and USDC, which were held within isolated vault structures designed to limit broader exposure. Volo explained that the incident affected only three vaults, while the rest of its infrastructure remained intact and operational.
Additionally, the team responded quickly after detecting suspicious activity and coordinated with ecosystem partners to contain further losses across the network. It froze the impacted vaults and alerted the Sui Foundation, aiming to restrict any additional movement of funds linked to the attacker.
Besides immediate containment, Volo reassured users that approximately $28 million in total value locked across other vaults remains unaffected by the exploit. The platform also stated that it has not identified any shared vulnerability, suggesting the breach targeted specific vault configurations.
Also Read:Â Bitcoin Supply Shock Looms as Exchange Reserves Crash to Record Lows
Recovery efforts begin as Volo blocks part of stolen funds
Significantly, Volo has already managed to freeze or block around $2 million of the stolen assets through coordinated recovery actions with partners. Early efforts secured roughly $500,000, while a later intervention successfully prevented the transfer of 19.6 Wrapped Bitcoin linked to the exploit.
Consequently, a portion of the stolen funds has been removed from the attacker’s control, improving the likelihood of partial recovery for affected users. The protocol stated that it is working closely with partners to determine the most effective method to return those funds.
However, the full remediation plan remains under development, even though the platform intends to absorb the losses instead of passing them on to users. This approach aims to preserve confidence at a time when security concerns continue to influence user behavior.
DeFi sector faces mounting pressure after repeated security breaches
Meanwhile, the breach arrives as decentralized finance faces broader instability following another major exploit reported by 36Crypto involving KelpDAO. The incident resulted in losses of nearly $290 million and quickly drew attention across the digital asset sector. Early findings suggest the attack involved a coordinated RPC-based strategy linked to the Lazarus Group, indicating a more advanced threat model. Rather than breaching the core protocol, attackers targeted the verification process that relies on external data sources.
Moreover, the breach centered on KelpDAO’s rsETH configuration, which depended on a single verification network that created a critical point of failure. As a result, manipulated data passed through validation checks and enabled unauthorized transaction confirmations.
Consequently, this pattern highlights growing risks tied to infrastructure-level weaknesses, especially as decentralized systems depend on external validation layers for operational accuracy. The Volo exploit underscores ongoing risks within decentralized finance, as platforms face increasing pressure to strengthen infrastructure and protect user assets.
Also Read: Russia Moves Toward Strict Crypto Control as New Bill Advances
