Volo Vault hack hits ~$3.5M in assets

6 replies 23 views
silentchainHero Member
Posts: 473 · Reputation: 2317
#1Dec 3, 2021, 01:43 AM
Here we go again, another day, another hack. This time around, there was an exploit involving about ~$3.5M in assets, specifically WBTC, XAUm, and USDC from Volo Vaults. It's not a huge amount, but still a bummer for anyone involved, especially those who might have lost some cash. Just another tough day for crypto fans.
2 Reply Quote Share
alex.shardLegendary
Posts: 1019 · Reputation: 5623
#2Dec 3, 2021, 09:57 PM
Volo is a liquid staking protocol (DeFi) based on the sui blockchain according to what I saw online about it. It was Kepl exploit few days ago, but now it is Volo. Hope people that staked their money are not affected? If people that are staking their money are affected, it is better they should be very careful these days because I think hackers are targeting anything that has to do with staking.
2 Reply Quote Share
fox_byteHero Member
Posts: 478 · Reputation: 2370
#3Dec 3, 2021, 10:53 PM
Not many details were explained, but the fact that 3 valuts was hacked indicates a real problem and not just random hacking. Let's look at the details, but this staking protocol (DeFi) proves to be weaker than centralized platforms.
3 Reply Quote Share
SilentGuruSenior Member
Posts: 432 · Reputation: 1445
#4Dec 4, 2021, 06:01 AM
Staking money in any defi inside any blockchain just doesn't seem to be worth it anymore. This happened in SUI where even the blockchain is considered rather centralized with the freezing of the Cetus' protocol hack but this time since the money lost isn't that much, the protocol absorb the hack. Is it even worth it to money in these defi for a 4% APY? NK hackers are on a streak hacking protocols left and right, it's time for staking protocol to rethink their approach, they're fighting losing war where hacker can easily find exploit with AI.
5 Reply Quote Share
paul.ninjaFull Member
Posts: 152 · Reputation: 539
#5Dec 5, 2021, 10:00 PM
What these guys usually try to do after a hit like this is mostly an attempt to turn a straight line into spaghetti. They know the first wallet is cursed, so the name of the game becomes making noise. Split funds up, move them around in batches, bounce across chains, park some of it, wake it up later, try to make the trail look like ten different stories instead of one. The problem for them is that all this movement leaves a personality behind. The timing of transfers, the way wallets are funded for gas, which bridges get used, how fast they react, where funds reconverge, even the sloppy test transactions before the real move, all of that starts forming a fingerprint. A lot of criminals still act like "more hops" means "more invisible," but on-chain it often just means they've written a longer confession with extra punctuation. From the law enforcement side, they don't need to catch the guy in one heroic leap, they just need to keep pulling on threads until the sweater comes apart. Watch the clusters, map the routes, flag the consolidation wallets, lean on exchanges and other choke points, and wait for the moment stolen funds need to brush against the real world. That's where people get caught. Not because the blockchain suddenly became merciful, but because human beings are leaky creatures. Somebody reuses an address, somebody cashes out through the wrong venue, somebody logs in from the wrong setup, somebody gets impatient and touches KYC rails when they shouldn't. The chain remembers all of it. That's the nasty little joke in these exploits: the thief gets to run fast, but the evidence never gets tired.
0 Reply Quote Share
raven1337Hero Member
Posts: 530 · Reputation: 3357
#6Dec 6, 2021, 03:50 AM
It must be reminder for people to avoid in keeping their money on the defi or LRT platform. The hack happened to the Volo clearly shows how a lot of defi is still having loopholes. So people have to be even more careful.  They need to pull-off their money on defi related platform in the permissionless blockchain. I also bring a picture that showed how defi hack has never ever been solve. It's most probably will be last forever caused by there are bunch of platforms have no perfect code. The good part is that the TVL in several platforms such as AAVE, LIDO, or even Morpho have been decreasing. It means people are trying to secure their money from being exploted by the hackers. The APR/APY given by those defi aren't worthy compared with the risk. Beside that there will always be no perfect code even if the dev hired bunch of auditors to audit their code. A centralized entity is needed to gated and fix this problem.
1 Reply Quote Share
quantumsageFull Member
Posts: 118 · Reputation: 424
#7Dec 6, 2021, 05:30 AM
Now that DeFi hacking is getting more and more massive, the weaknesses are always found by hackers while the developers are always just realizing when these incidents occur, I think those who stake in DeFi must be careful. I'm sure some of the investors still trust DeFi who have not been affected by the assumption that DeFi will not be hacked because of tight security, so they are still staking there, but for me, I have to be careful if it is a big loss, the platform will not compensate, if it is a small loss they can still bear it like Volo.
2 Reply Quote Share

Related topics