Decentralized finance (DeFi) protocol Volo disclosed a security breach that resulted in the loss of approximately $3.5 million in digital assets, the latest incident in a series of exploits targeting DeFi platforms.
On Wednesday post on X, the team found that the attack affected selected vaults and affected assets including Wrapped Bitcoin (WBTC), Matrixdock Gold “We detected the attack, immediately notified the Sui Foundation and ecosystem partners to address the damage, and froze the vaults to prevent further exposure,” the team wrote.
The minutes added that a total of approximately $28 million in value locked in other vaults was safe and sound, that the exploit was narrow to three isolated vaults and that no common vulnerabilities had been identified. Plans to absorb losses rather than pass them on to users have also been revealed, although details of the remediation plan have not yet been finalized.
Volo is a liquid DeFi staking platform on the Sui blockchain, allowing users to stake their Sui tokens (SUI) and receive voloSUI (VSUI) in return. DeFi is already in a challenging spot, and the exploit comes after another liquid replenishment protocol, Kelp, was hacked over the weekend to the tune of approximately $293 million, reverberating across the broader ecosystem.
Related: Kelp DAO attacker moves $175 million in Ether after exploit: Arkham
Volo freezes some of the lost funds
In two separate updates, Volo said it had frozen or blocked approximately $2 million worth of stolen funds so far. In the first update, the protocol he said that approximately $500,000 related to the breach has already been frozen. In a later update the team he claimed successfully blocked the attacker’s attempt to defeat 19.6 WBTC, effectively depriving the hacker of control over these funds.
“We are currently working with ecosystem partners to determine the best path to return these funds to Volo,” the minutes said.
Cryptocurrency hacks have resulted in $17 billion in losses over 10 years
As Cointelegraph reports, over $17 billion has been stolen in crypto over the past decade, and private key compromise has been identified as one of the main attack vectors, according to DefiLlama.
Related: ZachXBT asks MemeCore to clarify token valuation and supply
Approximately 22.3% of incidents are related to brute-force key compromises, 18.2% to unknown methods, and 10% to phishing attacks on multi-signature wallets. The findings show that many of the biggest losses come from wallet security and user-side vulnerabilities, not protocol errors.
Warehouse: 53 DeFi projects penetrated, 50 million NEO tokens can be “returned”: Asia Express
