Decentralized finance (DeFi) protocol Volo disclosed a security breach that resulted in the loss of approximately $3.5 million in digital assets, the latest in a series of attacks targeting DeFi platforms.
In a Wednesday post about “We detected the attack and immediately notified the Sui Foundation and ecosystem partners to contain the damage and froze the vault to prevent further exposure,” the team wrote.
The protocol added that a total value of approximately $28 million locked in different repositories is secure, with exploits limited to three isolated repositories and no shared vulnerabilities identified. They also announced plans to absorb losses rather than passing them on to users, although the details of the recovery plan have not yet been finalized.
Volo is a liquid staking DeFi platform on the Sui blockchain that allows users to stake Sui (SUI) tokens and receive voloSUI (VSUI) in return. DeFi is already in crisis. That’s because Kelp, another liquid re-staking protocol, was hacked for an estimated $293 million over the weekend, causing ripple effects across the wider ecosystem.
relevant: Kelp DAO Attackers Move $175 Million in Ether After Exploit: Arkham
Volo freezes some of the lost funds.
In two separate updates, Volo said it has so far frozen or blocked about $2 million in stolen funds. In its first update, the protocol said approximately $500,000 related to the breach has already been frozen. In a later update, the team claimed that they had successfully blocked the attacker’s attempt to link 19.6 WBTC, effectively removing those funds from the hackers’ control.
“We are currently working with our ecosystem partners to determine the best path to return these funds to Volo,” the protocol wrote.
Cryptocurrency hacks could cost $17 billion in 10 years
As Cointelegraph reports, more than $17 billion has been stolen in cryptocurrencies over the past decade, with private key compromise identified as one of the leading attack vectors, according to Defillama.
relevant: ZachXBT asks MemeCore for clarification on valuation and token supply.
Approximately 22.3% of incidents involve brute-force key compromise, 18.2% involve unknown methods, and 10% involve phishing attacks on multi-signature wallets. Studies have shown that most of the biggest losses come from wallet security and user-side weaknesses rather than protocol bugs.
magazine: 53 DeFi projects penetrated, 50 million NEO tokens ‘could be returned’: Asia Express