Volo Protocol, a decentralized finance protocol built on the Sui blockchain, has suffered a security breach that led to the loss of approximately $3.5 million in digital assets.

 

In an effort to maintain transparency, the team in an X post on Wednesday publicly announced the security breach. According to the team, the attack only affected assets in selected vaults, including Wrapped Bitcoin (WBTC), Matrixdock Gold XAUm, and USDC (USDC).

 

 

On detecting the breach, the team said it acted quickly to contain it and minimize further damage. It stated, “We detected the attack, immediately notified the Sui Foundation and ecosystem partners to contain the damage, and froze the vaults to prevent any further exposure.”

 

As of the time of its first reporting on the incident, the Volo team said that the $28 million in total value locked across other vaults was safe, adding that all vaults on the protocol were temporarily frozen pending a full postmortem and remediation. The team also said it was in damage control mode and was actively working with on chain investigators and ecosystem partners to recover the stolen funds.

 

The team released updates on the hack

Since the hack happened, the Volo team has, in three separate updates, transparently informed the community about the efforts being made to recover the stolen funds.

 

In the first two updates, the team said it was already working with ecosystem partners and had successfully frozen approximately $500 million of the stolen funds, while also intercepting and blocking the hacker’s attempt to bridge 19.6 WBTC. According to the Volo team, these funds were no longer under the hacker’s control.

 

In a third update, the team said it had already frozen $2 million of the stolen funds, and that together with ecosystem partners and security teams, it had flagged the hacker’s EVM addresses across the majority of centralized exchanges, swappers, and KYC tools.

 

The Volo protocol hack came shortly after the KelpDAO exploit and the Drift Protocol exploit, which led to a combined loss of over $570 million, and are currently the largest DeFi hacks that have occurred this year. So far, over $770 million has been lost to DeFi hacks this year.

 

 

The Solana Foundation, in collaboration with blockchain security firm Asymetric Research, has launched new security initiatives aimed at strengthening the security of the Solana network.

 

In a blog post on Monday, the foundation announced the launch of new security initiatives designed to provide an extra layer of protection for protocols built on the network. Among these initiatives are STRIDE, a security framework, and SIRN, a network of security firms focused on protecting the Solana ecosystem.

 

 

The STRIDE Framework 

STRIDE, which stands for Solana Trust, Resilience and Infrastructure for DeFi Enterprises, is a structured security framework and program launched by the Solana Foundation. It is aimed at evaluating, monitoring, and escalating security across all projects built on the Solana network.

 

The STRIDE framework is built on eight key pillars: program security, governance and access control, oracle and dependency risk, infrastructure security, supply chain security, operational security, monitoring and incident response, and log management and forensics.

 

These pillars will be used by the foundation’s partner, Asymmetric Research, to evaluate the security strength of all protocols on the Solana blockchain. Protocols with a total value locked of more than $10 million that pass the STRIDE evaluation will receive continuous operational security and active threat monitoring, funded by Solana Foundation grants. The higher the evaluation result, the greater the level of protection and funding they will receive.

 

Protocols with a total value locked of more than $100 million that pass the STRIDE evaluation will also receive, in addition to grants, formal fund verification. The foundation describes this as a mathematical, proof based method that exhaustively guarantees the correctness of smart contracts.

 

The findings of the STRIDE framework will be published publicly. According to the foundation, this is intended to give users and investors insight into the protocols they use and rely on.

 

SIRN: A Network of Security Firms

Among the initiatives launched by the Solana Foundation is SIRN, short for Solana Incident Response Network, a network of security firms that will respond and act in the event of a security incident.

 

Although SIRN will be available to all blockchain protocols on the Solana network, priority will be given to protocols with higher total value locked, similar to the additional benefits that protocols with higher total value locked will receive under the STRIDE program.

 

Interested in knowing who makes up SIRN?

 

The Solana Incident Response Network comprises Asymmetric Research, OtterSec, Neodyme, Squads, and ZeroShadow, a combination of cybersecurity firms that includes Web3 and traditional security firms as well as a smart contract auditing firm.

 

Increase in DeFi attacks

The programming initiatives launched by the Solana Foundation are in response to the over $280 million attack on Drift Protocol, the largest decentralized perpetual exchange on the Solana blockchain. The attack is, so far, the most devastating DeFi attack this year and the second largest in the history of the Solana blockchain, following the 2022 Wormhole attack, which resulted in losses exceeding $325 million.

 

Step Finance, a DeFi aggregator built on Solana, was also affected by a DeFi hack earlier this year, which led to losses of about $40 million. According to DeFiLlama, over $168 million was stolen across 34 blockchain protocols in the first quarter of this year, prior to the Drift incident.

 

 

Resolv Labs’ stablecoin, USR, has lost its U.S. dollar peg following an exploit of the token’s contract that allowed attackers to mint millions of tokens.

 

The exploit, which occurred on March 22, 2026, resulted in the creation of 50 million unbacked USR tokens, prompting the team to temporarily pause the protocol’s functions to prevent “further malicious actions.”

 

 

According to YieldsandMore, which first reported the story, the attack began with a 100,000 USDC deposit by the attackers, ultimately causing USR to lose its dollar peg and fall to $0.01.

 

After minting the USR tokens, the attackers converted them into wrapped USR (wstUSR) to access deeper liquidity on decentralized exchanges (DEXs). This allowed them to offload large amounts of wstUSR more gradually, reducing the risk of an immediate price crash of USR.

 

The next phase of the attack involved dumping and selling wstUSR tokens across multiple platforms, including KyberSwap and Velora. Using this method, the attackers swapped wstUSR for USDt and USDC, which were then aggressively converted into Ether (ETH).

 

Although the attack was first made public by the crypto research and analysis group YieldsandMore, the Resolv team was only able to pause the protocol three hours later.

 

“It took ResolvLabs three hours to pause its protocol. Roughly one hour of that delay came from the gap between submitting the multisig transaction and collecting the four required signatures to execute it,” YieldsandMore wrote on X.

 

While 50 million tokens were initially minted by the attackers, blockchain security company PeckShield reported that an additional 30 million USR tokens were later minted, bringing the total to approximately 80 million.

 

 

Price Action of USR in the Aftermath of the Exploit

The minting and dumping of USR tokens triggered a severe depeg, sending its price from $1 to roughly $0.02 to $0.05 within minutes, a decline of about 95 to 97%.

 

Although it briefly rebounded to between $0.14 and $0.20, USR is currently trading at $0.2773, according to data from CoinMarketCap at the time of publication. 

 

The USR depeg ranks among the most severe in recent history, second only to the collapse of Terra's TerraUSD (UST) in 2022, which fell from $1 to $0.02 and lost 98% of its value. Iron Finance also had its IRON stablecoin lose its dollar peg, dropping from $1 to about $0.05.

 

 

 

Trust Wallet has introduced a new address-poisoning protection feature that prevents crypto users from falling for address-poisoning attacks.

 

According to the company, this new feature automatically checks the destination address against a database of known scam and lookalike addresses to prevent malicious transactions. Because the feature runs automatically, users will receive real-time warnings if a risk is detected.

 

For now, the feature will be supported on 32 Ethereum Virtual Machine (EVM) chains, including Ethereum, BNB Smart Chain, Polygon, Optimism, Arbitrum, Avalanche, and Base.

 

The Menace of Address Poisoning

Address poisoning is a phishing-style attack in which scammers trick users into sending cryptocurrency to the wrong wallet address, usually one that closely resembles a legitimate address. 

 

Here’s how address poisoning works:

• A scammer generates a look-alike wallet address, typically one that shares the same first and last characters as a legitimate address.
• The attacker then sends a tiny, or “dust,” amount of crypto to an unsuspecting user.
• The fake address subsequently appears in the victim’s transaction history.
• Because crypto transactions are irreversible, the user may mistakenly send funds to the poisoned address, losing them permanently.

 

While address poisoning may not look as sophisticated or complex as other forms of crypto attacks, it has had a long history of success for scammers. 

 

In May 2024, a user accidentally sent 1,155 Wrapped Bitcoin (WBTC) worth approximately $68 million to a fake address. The attacker created a fake address that looked like the legitimate address, and due to lack of proper scrutiny, the user fell for it.

 

While in May 2025, a trader lost $2.6 million after falling for two address poisoning scams, and later that year, another trader lost $50 million in USDT after sending them to a poisoned wallet address.

 

 

Address Poisoning is Just a Numbers Game

Knowing that most crypto users rarely fall for address poisoning scams (roughly 1 success per 10,000 attempts), attackers often rely on scale to succeed. 

 

Between July 2022 and June 2024, over 270 million address poisoning attempts were recorded across the Ethereum and BNB Chain, with 6,633 of these attempts successful, leading to a loss of over $83 million. 

 

In another address poisoning campaign, scammers used 82,031 fake addresses on 2,774 victims. The result? Over $69 million was lost. 

 

And just last year, there were about 32,290 recorded address poisoning attacks in September, which affected over 6,000 victims.

 

 

Flow Foundation is seeking a court order in Seoul to halt the planned delisting of the FLOW token on three South Korean exchanges following an exploit on the protocol in December. 

 

The Flow Foundation and its parent company, Dapper Labs, filed a motion with the Seoul Central District Court on Monday to block the delisting of the FLOW token from three South Korean exchanges.

 

This move is coming months after the Layer 1 blockchain protocol suffered a security incident in December, which led to several exchanges temporarily stopping the trading of the FLOW token at the time. However, three major Korean exchanges; Upbit, Bithumb, and Coinone, have moved to permanently stop the trading of the token on their exchanges on March 16.

 

 

Flow’s Security Incident

On December 27, 2025, Flow suffered a protocol-level exploit that resulted in losses of about $3.9 million. The breach was caused by a flaw in the smart-contract runtime within Flow’s execution layer, which allowed the attacker to exploit vulnerabilities in Cadence. 

 

Cadence is Flow’s smart contract runtime. By exploiting the flaw in Cadence, the attacker was able to duplicate Flow tokens instead of properly minting them. 

 

After duplicating the tokens, the attacker attempted to bridge them out of the protocol using cross-chain bridges such as Celer, deBridge, Relay, and Stargate. However, this abnormal activity was detected by Flow’s validator network, which placed the blockchain in read-only mode, halting further asset transfers. 

 

This incident led to a sharp decline in the price of the FLOW token. Prior to the breach, FLOW was trading at around $0.17, but it fell over 40% to roughly $0.097 within hours of the exploit being announced. 

 

Image credit: Tradingview

 

The incident also affected the token’s market cap. Before the breach, FLOW had a market cap of around $280–284 million. After the breach, it fell to approximately $164–170 million. Although the breach directly resulted in a $3.9 million loss, the protocol’s total market value dropped by over $110 million. 

Image credit: Coingecko

 

Following remediation efforts after the incident, the Flow Foundation claimed that every major global exchange has independently reviewed and restored FLOW token trading on their platforms.

 

According to the foundation, the FLOW token remains fully available and tradeable on major exchanges, including Binance, Coinbase, Kraken, OKX, Gate.io, HTX, and Bybit, with Korbit being the only Korean exchange still supporting the trading of FLOW.

 

Trust Wallet Chrome Extension Hack Turns a Quiet Holiday Into a $7 Million Crypto Mess

Crypto has a way of ruining the calendar. Just when things slow down, markets calm, and people log off for the holidays, something breaks. This time it was Trust Wallet, and for some users, it broke badly.

More than $7 million in cryptocurrency was stolen after a compromised version of Trust Wallet’s Chrome browser extension made its way into circulation late last week. The losses came fast, right around December 24, when many users were updating software, traveling, or simply not paying close attention. By the time some noticed something was wrong, their wallets had already been drained.

The issue centered on a specific update to the Trust Wallet Chrome extension. On the surface, it looked like a normal release. No flashing red flags, no obvious warnings. Users installed it the same way they always do, clicking update and moving on. Somewhere along the line, though, malicious code ended up inside that release. Once active, it gave attackers a way to move funds out of users’ wallets quietly and efficiently.

What followed was a familiar pattern for anyone who has watched crypto hacks play out. Wallets that had been untouched for weeks suddenly sent out large transactions. Bitcoin, ether, BNB, and stablecoins flowed into unfamiliar addresses. Analysts tracking the blockchain could see the money moving, hopping between wallets, splitting up, recombining. It was all very visible and completely irreversible.

Trust Wallet confirmed that the breach was limited to one version of the Chrome extension. According to the company, mobile users were not affected, and neither were users who had not installed the compromised update. The company urged anyone using that version to disable it immediately and install the patched release from the official store.

That response helped contain the damage, but it did not undo what had already happened. In crypto, there is no undo button. Once assets leave your wallet, they are gone unless the attacker decides to give them back, which is not something people tend to count on.

Adding to the response, Changpeng Zhao, the Binance co-founder whose company owns Trust Wallet, said affected users would be reimbursed while an internal investigation continues. That promise brought some relief, especially for users who lost significant sums. Still, reimbursement does not erase the bigger concern. People want to know how a malicious update made it through in the first place.

Security researchers were already digging in by the time official statements came out. Some noticed odd wallet activity tied to recent extension updates. Others began pulling apart the extension code, looking for scripts that could leak private data or trigger unauthorized transactions. Warnings spread quickly across social platforms, security channels, and group chats. In crypto, news like this moves faster than press releases.

The episode once again highlighted a long standing weakness in crypto infrastructure. Browser wallet extensions are incredibly popular because they are easy. They connect seamlessly to decentralized exchanges, NFT platforms, and Web3 apps. For many users, they are the default way to interact with crypto on a daily basis. But that convenience comes with risk. Extensions live inside browsers that were never designed to protect private keys holding real money.

A single compromised update can affect thousands of users at once. Unlike phishing attacks that rely on tricking individuals one by one, an extension issue scales instantly. If the update is trusted, users trust it too.

This is why security experts keep repeating the same advice, even if it sounds boring. Large balances should not live in hot wallets. Browser wallets are tools for interaction, not vaults. Hardware wallets and cold storage are slower and less convenient, but they dramatically reduce the risk of exactly this kind of event.

In the aftermath, users have been urged to take several steps. Disable the affected extension. Review transaction histories carefully. Revoke token approvals that might still be active. In some cases, move remaining funds to an entirely new wallet with a fresh seed phrase that was never exposed to the compromised environment. None of this is fun, but waiting is usually worse.

There is also a broader reputational cost. Trust Wallet is one of the most widely used non-custodial wallets in the world. Incidents like this shake confidence, even if the company responds quickly and makes users whole. For newer users especially, it reinforces the idea that crypto is complicated, risky, and unforgiving.

The investigation into how the compromised extension was approved and distributed is still ongoing. Questions remain about whether this was a supply chain issue, a submission process failure, or something else entirely. Those answers will matter, not just for Trust Wallet, but for the wider ecosystem that relies heavily on browser extensions.

 

For now, the lesson is an old one, repeated yet again. In crypto, trust is fragile. Convenience is expensive. And even during the quietest week of the year, something can go wrong fast.

 

Stay Connected

You can stay up to date on all News, Events, and Marketing of Rare Network, including Rare Evo: America’s Premier Blockchain Conference, happening  July 28th-31st, 2026 at The ARIA Resort & Casino, by following our socials on X, LinkedIn, and YouTube. Tickets are available here.