Another decentralized finance (DeFi) protocol has been the target of a hack.
Volo Protocol said Wednesday (April 22) that a breach had drained around $3.5 million in digital assets from its vaults.
“The ~$28M in TVL across all other Volo vaults is safe,” the company said in a post on X. “The exploit was isolated to 3 specific vaults, and we have confirmed no shared attack vector exists with the remaining vaults.
“We want to be clear: Volo is prepared to absorb this loss. We will do our best not to pass this to our users,” the statement added. “We are in damage control mode now, but once that’s done, we will work out a remediation plan, and a full breakdown will be shared shortly.”
The breach was flagged in a report by CoinDesk, which said the incident adds to an increasing sense of uneasiness in the DeFi space following a string of similar hacks. This one comes just after an exploit in which an attacker drained nearly $300 million from KelpDAO.
As PYMNTS wrote Wednesday, that attack triggered a chain reaction that wiped out close to $9 billion from the largest DeFi lending platform and “is fast becoming a reputational, even existential, crisis for DeFi.”
While past attacks were focused on private keys or flawed smart contracts, this breach targeted the connective tissue of blockchain ecosystems: the messaging layer that allows for interoperability across chains.
“Past hacks were due to stolen keys or bugs in smart contracts, this one was convincing the vault the thief was actually the owner,” Ryan Rugg, global head of digital assets for Citi Treasury and Trade Solutions, told PYMNTS CEO Karen Webster during the latest episode of the “From the Block” podcast.
The exploit, the report said, has highlighted the “unavoidable tensions” between crypto’s desire for open, interoperable systems and the institutional demand for security and control that has long defined, and in some cases limited, the evolution of blockchain.
“Does this delay the institutional adoption of DeFi? Maybe,” Rugg said. “It is going to take some of the confidence out of the market.”
However, she stopped short of categorizing the incident as a defining setback, arguing that any institutionally driven decision will likely depend on whether companies can implement “proper redundancy and security at every layer where the trust resides.”