According to BroadChain, at 05:16 on April 23, CryptoNews reported that the SUI chain's liquid staking protocol Volo suffered a security breach on April 22, 2026, resulting in losses of approximately $3.5 million from its WBTC, XAUm, and USDC vaults. This marks the first major security incident for the protocol since its launch 18 months ago. The team has committed to fully covering user losses and swiftly froze the vaults to control the situation. The remaining unaffected vaults, holding about $28 million in TVL, remain secure.
This incident occurred just as the SUI chain's total value locked (TVL) surpassed $1.2 billion. The core issue lies in the nature of the vulnerability: whether it was a specific implementation flaw in Volo itself or a structural risk signal within SUI's rapidly expanding DeFi ecosystem. The Volo team initially attributed the cause to a specific vault vulnerability rather than a systemic issue with the protocol's overall architecture, explaining why the $28 million in assets in adjacent vaults were unaffected.
The team responded swiftly, detecting the vulnerability, freezing all vaults, and notifying ecosystem partners within hours. On-chain investigations revealed that approximately $500,000 of the stolen funds had been transferred to the attacker's address following the exploit. Volo is coordinating with on-chain investigators and the SUI Foundation to recover the funds. The SUI chain lending protocol SuiLend confirmed that its deposit and lending operations are functioning normally, with no cross-protocol contagion observed.
The incident highlights a common paradox in DeFi risk isolation design: vault-specific architectures aim to isolate risks but can also create concentrated exposure points that bypass the overall protocol's defenses. The vulnerability was contained to about 11% of the total TVL ($31.5 million), preventing broader losses, which is one of the few positive signals from the event. Volo's upcoming post-mortem analysis report will detail the root cause (categorized as a SUI network security vulnerability) and the timeline for the compensation mechanism.