Volo, a decentralized liquid staking protocol on the Sui blockchain, suffered a $3.5 million exploit after attackers identified a vulnerability in the protocol’s vault accounting mechanism, draining funds from multiple liquidity pools.
The Volo team confirmed the attack in a post-mortem, indicating the exploit involved a price manipulation attack on its internal oracle that allowed the attacker to inflate deposited asset values before withdrawing an outsized amount of underlying tokens.
“We immediately paused all withdrawals upon detecting the anomalous activity,” the team stated. “No further funds are at risk. We are working with blockchain forensics firms to trace the attacker.”
The exploit is the latest in a string of attacks targeting protocols built on newer Layer 1 networks. Sui’s TVL had grown to approximately $2.8 billion in April before the attack.
