Published On: Wed, 22 Apr 2026 06:57:36 GMT

Volo Protocol Hit by $3.5M Exploit on Sui

Volo Protocol exploit drains $3.5M on Sui. Team freezes vaults, secures $28M TVL, and will fully reimburse users after breach.

Kritika Gupta News Hacks & Scams

Apr 22, 2026, 6:57 AM UTC

Author: Kritika Gupta

Low Attention

Overheated

HypeMeter

Steady attention without excessive speculation.

22nd April 2026- Volo Protocol, a liquid staking and BTCFi platform on the Sui blockchain, suffered a $3.5 million exploit between April 21 and 22, 2026, after attackers targeted three specific vaults. However, the team acted quickly to contain the breach and confirmed that unaffected funds remain secure. Most importantly, Volo has pledged to fully absorb the losses, ensuring that users do not face any direct financial impact. Meanwhile, the incident adds to a growing list of DeFi exploits in 2026, reinforcing concerns around smart contract risks even in audited protocols.

High Signal Summary For A Quick Glance

📌 Key Takeaways 👥 Who Is Impacted 📊 Implications

Volo exploit drains $3.5M but users remain fully protected.
Team absorbs losses, preventing user impact.
Vaults paused temporarily, while core funds remain secure.
Highlights persistent smart contract risks despite audits across DeFi.
Transparent response may stabilize confidence.

Retail traders: Retail users face temporary yield disruption but no direct financial losses.
Long-term holders: Confidence tested, but protected funds and reimbursement reduce damage.
Institutions: Limited exposure likely, with minimal impact due to exploit scale.
Builders and ecosystem participants: Increased scrutiny on vault security and contract risk management.
Broader crypto market: Adds to exploit narrative but brings minimal systemic market impact.

🟢Short term: Vault pause may disrupt yields and pressure Sui DeFi TVL

The Talk

Real voices. Real reactions.

KOLs

Media

Community

Volo exploit on @SuiNetwork: > ~$3.5M drained from 3 vaults (WBTC, $XAUm, USDC); all vaults frozen. > $XAUm bridge paused, hacker funds frozen; LBMA gold reserves audited by Bureau Veritas remain intact. > ~ $28M across other Volo vaults reported safe; team says they’ll absorb https://t.co/y7MJ7k9D5t

🔒 Security Incident Update - Volo Protocol We want to address our community directly and transparently about a security incident that occurred earlier today. Rest assured, Volo is prepared to absorb any loss. What happened: An exploit resulted in the removal of approximately

03:54 AM·Apr 22, 2026

Another hack/exploit, this time on SUI's Volo vaults. 😔 $3,500,000 in assets... gone. The "good thing" seems to be that atleast for Volo, they are prepared to make everyone whole again despite the losses. Dark times for crypto. https://t.co/9JzlUsV2le

03:08 AM·Apr 22, 2026

Woahhhh!!! another hack hits crypto 🚨🚨🚨 - volo protocol exploited for around $3.5m - affected assets include wbtc, xaum, and usdc - team froze vaults after detecting the attack > current update - volo says remaining vaults are safe - around $28m tvl unaffected - https://t.co/UIUxrBHYsh

01:45 AM·Apr 22, 2026

Apr 22, 2026

Grandson Of John J.Gotti Gets 15 Months For $1.2M Crypto Fraud

Apr 21, 2026

KelpDAO Hacker Moves $175M in Stolen Funds as Laundering Phase Begins

Apr 21, 2026

Arbitrum Freezes $71M in ETH Linked to KelpDAO Exploit

Apr 21, 2026

Crypto Hack Losses Hit $17B as DeFi Exploits Keep Climbing

Fetching related reads

🟡Long term: Reimbursement and transparency may support trust recovery

🔴Key risk: Delayed post-mortem or hidden vulnerabilities could weaken confidence

Background and Context

Tweet not available.

Volo Protocol, a liquid staking and BTCFi platform on the Sui blockchain, disclosed a security breach between April 21 and 22, 2026. Attackers drained approximately $3.5 million in assets, including WBTC, XAUm, and USDC, from three specific vaults. The team quickly detected the exploit and moved to contain it.

The vulnerability appears to be isolated to those vaults. Early indications suggest a smart contract flaw linked to vault strategies, although the exact attack vector remains under investigation. Importantly, Volo confirmed that around $28 million in total value locked across other vaults remains unaffected.

This incident follows heightened activity on Sui after Volo’s acquisition by NAVI Protocol. Previously, Volo had undergone audits by firms such as Ottersec, Movebit, and Hacken. Despite these checks, the exploit highlights that audited protocols still carry risk.

Moreover, this is Volo’s first major security incident. However, the Sui ecosystem has faced similar stress before. For example, the Cetus hack in May 2025 pushed projects to improve risk isolation. In addition, recent large-scale exploits across DeFi in 2026, including incidents on Solana and Ethereum ecosystems, have already heightened market sensitivity to security risks.

Volo’s Immediate Response and Containment Efforts

Volo responded rapidly after detecting the breach. The team froze all vaults to prevent further damage and coordinated with the Sui Foundation and on-chain investigators. As a result, they have already secured roughly $500,000 during early recovery efforts.

At the same time, Volo confirmed that the vulnerability does not affect other vaults. The team paused the entire protocol as a precaution while it works on remediation. This approach reflects a containment-first strategy rather than selective patching.

Crucially, Volo stated it will fully absorb the $3.5 million loss using its own resources. Therefore, users will not face direct financial impact. This decision contrasts with other DeFi protocols that have historically socialized losses through token dilution or fee adjustments.

Implications for Users

In the short term, users remain largely protected. Funds in unaffected vaults stay secure, and Volo’s commitment removes immediate loss concerns. However, the temporary pause on all vaults will limit yield generation until services resume.

At a broader level, the incident reinforces ongoing concerns around smart contract risk in liquid staking and BTCFi models. Even audited systems can fail under complex strategy execution or cross-protocol interactions.

This Volo Protocol exploit may increase scrutiny on vault isolation mechanisms across Sui DeFi. Projects that rely on shared infrastructure or multi-protocol strategies could face higher user caution. As a result, short-term TVL outflows or reduced inflows may occur across similar platforms.

Frequently Asked Questions

What happened in the Volo Protocol exploit?

Attackers exploited a vulnerability in three vaults on Volo Protocol, draining about $3.5 million in assets including WBTC, XAUm, and USDC.

When did the exploit occur?

The incident took place between April 21 and 22, 2026, and the Volo team detected it quickly.

Are user funds safe after the exploit?

Yes. Volo confirmed that unaffected vaults holding around $28 million in TVL remain secure and were not impacted.

Will users lose money due to the exploit?

No. Volo Protocol has committed to fully absorbing the losses using its own funds, so users will not face any financial impact.

What caused the exploit?

The exact cause is still under investigation, but early indications point to a smart contract vulnerability tied to specific vault strategies.

What actions did Volo take after the breach?

The team froze all vaults, coordinated with the Sui Foundation, and began tracking and recovering stolen funds.

What does this mean for the Sui DeFi ecosystem?

The exploit may increase scrutiny on vault security and smart contract risks, although Volo’s transparent response could help maintain long-term confidence.

Editorial Note

Our Crypto Talk is committed to unbiased, transparent, and true reporting to the best of our knowledge. This news article aims to provide accurate information in a timely manner. However, we advise the readers to verify facts independently and consult a professional before making any decisions based on the content since our sources could be wrong too. Check our Terms and conditions for more info.

Join Our Telegram Community

NEWS

OPINION/RESEARCH

FEATURES

ABOUT US

Volo Protocol Hit by $3.5M Exploit on Sui

The Talk

Read Other Hacks & Scams articles

Fetching related reads

Read Other Hacks & Scams articles

Background and Context

Volo’s Immediate Response and Containment Efforts

Implications for Users

Frequently Asked Questions

Editorial Note

In this article

Related reads

Related reads

Related reads

Related reads