Volo, a BTCFi and liquid staking protocol on the Sui blockchain, has frozen all user vaults after an exploit drained roughly $3.5mn in assets, temporarily locking yield generation and withdrawals across the platform while the team works to contain the breach.
Volo Freeze Locks User Funds After $3.5mn Sui Exploit
22 April 2026 - 12:30 CEST
By Sandmark staff
The attack targeted three specific vaults holding Wrapped Bitcoin (WBTC), Matrixdock’s XAUm – a token backed 1:1 by physical LBMA-accredited 99.99% pure gold stored in Asian vaults – and USD Coin (USDC). Volo detected the incident, notified the Sui Foundation and ecosystem partners, and acted quickly to freeze activity. The protocol pledged to absorb all losses itself, stating it would "do our best not to pass this to our users."
Approximately $28mn in total value locked (TVL) across unaffected vaults remains secure, with no shared vulnerability identified. The team is collaborating with onchain investigators and has already frozen around $500k of stolen assets, including blocking an attempt to bridge out 20 WBTC. A full post-mortem and remediation plan are expected soon.
Rapid response underway
All vaults are paused, halting user deposits, withdrawals and yield strategies until the situation resolves. In updates on X, Volo said it moved into "damage control mode" while prioritising actions to rebuild trust. "We understand that trust is earned, and right now, we are focused entirely on actions," the team posted.
Independent reports confirm the swift containment, with roughly $500k secured within 30 minutes of the initial announcement.
Sui DeFi security under spotlight
Sui is a fast Layer 1 blockchain designed for high transaction speeds. It has attracted growing DeFi activity, with total value locked across the ecosystem recently hovering around $500mn to $2bn, depending on market conditions.
However, the network has faced multiple security incidents in recent periods, including a large exploit at Cetus Protocol and smaller breaches at Nemo Protocol and Typus Finance. These events raise concerns that repeated hacks could erode confidence among both retail and institutional users in Sui’s vault and staking products.
This latest breach echoes broader DeFi challenges seen in the 30 Jul 2023 Curve Finance exploit, where a Vyper language vulnerability led to roughly $70mn in losses across liquidity pools. More recently, this month's 2026 Kelp DAO incident drew attention to persistent bridge and cross-chain risks.
