Volo Protocol, a liquid staking platform on the Sui Network, was hacked on April 22, 2026, resulting in the theft of approximately $3.5 million from WBTC, XAUm, and USDC vaults. This is the first physical security breach witnessed by the protocol in its 18-month history.
The team pledged to fully absorb losses, confirming that approximately $28 million in total value locked (TVL) in unaffected vaults remains safe after a flash freeze of vaults successfully contained the breach.
The fundamental question raised by this incident is not whether Volo failed or not; he failed; The question is whether this represents an implementation flaw specific to Volo only, or a structural signal of risk in the rapidly expanding DeFi ecosystem of Sui Network, which had over $1.2 billion in value locked just before the incident.
- Penetration volume: Withdrawal of $3.5 million from WBTC, XAUm and USDC vaults in Volo protocol on April 22, 2026.
- Protocol context: Volo, a liquid staking platform based in Sui, had a locked value of approximately $31.5 million before the incident; The safety of $28 million in unaffected safes has been confirmed.
- Team response: The Volo team is committed to bearing all user losses; The safes were frozen within hours of the operation being discovered to prevent further damage.
- Online tracking: Approximately $500,000 in stolen funds were traced to the network; Volo’s team is working with investigators and the Sui Foundation to recover it.
- Impact on the ecosystem: SuiLend has confirmed that all deposits, loans and withdrawals are operating normally, with no confirmed cross-contamination between protocols.
- What to watch out for: Volo’s upcoming post-incident analysis report aims to determine the root cause – which has been classified as a vulnerability in Sui’s network – and the timeline for releasing a compensation mechanism.
How the Volo hack developed and what it revealed on the Sui network
Classifying the failure is essential before recounting the timeline: The Volo team described the root cause as a specific vulnerability in the vaults rather than an architectural flaw in the protocol as a whole, which is why $28 million in adjacent vaults remained intact.
This is not just a marginal note; It determines whether this is a limited implementation error or a systemic exposure on similar platforms.
The three affected vaults (WBTC, XAUm and USDC) were emptied for a total of $3.5 million. The attack vector has not been fully revealed pending investigations, and the team has not yet confirmed whether the flaw is related to smart contract logic, Oracle tampering, or another mechanism.
Volo’s post-incident analysis report will attribute the root cause to a vulnerability in Sui’s network, although details will not be confirmed until the report is officially released.
The response timeline represents the clearest positive signal available: Volo detected the breach, froze all vaults, and notified ecosystem partners within hours, limiting risk exposure to only the three affected pools.
Network investigators, including ZachXBT, identified nearly $500,000 in localized funds that were transferred to the attacker’s wallet addresses shortly after the hack. The Sui Foundation was hired to coordinate recovery efforts.
The structural lesson here reflects a pattern seen in recent DeFi hacks: a structure based on separate vaults, while designed to isolate risk, can create concentrated points of exposure that circumvent the collateral of the broader protocol. Whether or not this isolation worked in Volo’s favor, limiting the damage to $3.5 million instead of the total value locked in at $31.5 million, it remains one of the few obvious positives from this incident.
The article Volo Protocol hacked on Sui network and $3.5 million stolen appeared first on Cryptonews Arabic.
