Volo Protocol, a decentralized finance protocol built on the Sui blockchain, has suffered a security breach that led to the loss of approximately $3.5 million in digital assets.

 

In an effort to maintain transparency, the team in an X post on Wednesday publicly announced the security breach. According to the team, the attack only affected assets in selected vaults, including Wrapped Bitcoin (WBTC), Matrixdock Gold XAUm, and USDC (USDC).

 

 

On detecting the breach, the team said it acted quickly to contain it and minimize further damage. It stated, “We detected the attack, immediately notified the Sui Foundation and ecosystem partners to contain the damage, and froze the vaults to prevent any further exposure.”

 

As of the time of its first reporting on the incident, the Volo team said that the $28 million in total value locked across other vaults was safe, adding that all vaults on the protocol were temporarily frozen pending a full postmortem and remediation. The team also said it was in damage control mode and was actively working with on chain investigators and ecosystem partners to recover the stolen funds.

 

The team released updates on the hack

Since the hack happened, the Volo team has, in three separate updates, transparently informed the community about the efforts being made to recover the stolen funds.

 

In the first two updates, the team said it was already working with ecosystem partners and had successfully frozen approximately $500 million of the stolen funds, while also intercepting and blocking the hacker’s attempt to bridge 19.6 WBTC. According to the Volo team, these funds were no longer under the hacker’s control.

 

In a third update, the team said it had already frozen $2 million of the stolen funds, and that together with ecosystem partners and security teams, it had flagged the hacker’s EVM addresses across the majority of centralized exchanges, swappers, and KYC tools.

 

The Volo protocol hack came shortly after the KelpDAO exploit and the Drift Protocol exploit, which led to a combined loss of over $570 million, and are currently the largest DeFi hacks that have occurred this year. So far, over $770 million has been lost to DeFi hacks this year.

 

 

Tether has never been shy about playing offense. And in the wake of one of the worst hacks to hit Solana's DeFi ecosystem, the world's largest stablecoin issuer saw an opening, and took it.

 

On April 16, Tether announced a recovery package worth up to $127.5 million for Drift Protocol, the Solana-based perpetual futures exchange that was drained of roughly $285 million on April 1 in a sophisticated hack attributed to North Korean operatives. Combined with $20 million pledged by other partners, the total rescue fund comes to nearly $150 million. But the dollar figure is almost secondary to what Tether actually got in return.

 

The Real Prize: Kicking USDC Off Solana's Biggest Perp DEX

As part of the deal, Drift will swap out Circle's USDC for Tether's USDT as its core settlement asset. That means 128,000 users and more than 35 ecosystem teams, including Gauntlet, Neutral, and M1, all migrate to a USDT-based trading environment. On a network where USDC has historically dominated, this is huge play.

 

On Solana, Circle's USDC carries a market cap of around $8.1 billion, compared to Tether's $3.05 billion. That's a more than 2.6-to-1 advantage for Circle on the chain. In global terms, the picture is reversed: USDT's circulating supply tops $185 billion versus roughly $79 billion for USDC. Tether has always dominated the overall stablecoin market; it just hasn't had much luck on Solana. Until now, maybe.

 

Paolo Ardoino, Tether's CEO, framed the intervention in fairly lofty terms. "Tether's role in the digital assets ecosystem is to provide a platform for individuals and institutions alike that is ready to step forward to help the industry in the moment of darkness," he said in a statement.

 

That said, analysts aren't exactly reading this as pure altruism. As one observer put it, the Drift exploit was, for Tether, an "operational window" to buy market share at a moment of maximum vulnerability. The funding structure itself reinforces this reading: repayments to affected users are tied to future trading activity on the relaunched platform, meaning Tether's money goes further the more Drift succeeds as a USDT venue.

 

Circle Gets the Blame, Tether Gets the Spoils

Tether saw the opening and definitely took it. Circle finds itself under intense scrutiny in the days following the Drift hack, after attackers transferred more than $230 million in USDC from Solana to Ethereum using Circle's own cross-chain transfer protocol. Critics, including on-chain investigator ZachXBT, pointed out that Circle had a window of at least six hours to blacklist the relevant wallets and freeze the funds, and did nothing.

 

Circle CEO Jeremy Allaire later defended the company's position, saying that USDC wallets are only frozen when directed by law enforcement or courts, not unilaterally during active hacks. The argument tracks with Circle's broader regulatory strategy, which prioritizes institutional alignment and compliance above all else. Whether that's the right call is debatable. What's less debatable is that a class action lawsuit has reportedly been filed against Circle in the aftermath, alleging the firm knowingly allowed attackers linked to North Korea to offload stolen funds through its own infrastructure.

 

Tether, by contrast, has a long history of freezing funds tied to hacks and illicit activity quickly, often without waiting for court orders. That operational difference has real consequences for platforms that care about protecting users when things go wrong.

 

How Drift Gets Back on Its Feet

The April 1 attack was a serious one. Blockchain analytics firm Chainalysis estimates losses at approximately $285 million. According to Drift's own postmortem, the attackers used a combination of social engineering and a technical method known as "durable-nonce pre-signing" to obtain privileged administrative access, a scheme that reportedly began at least six months before the exploit was executed. From there, the attackers deposited worthless CVT tokens as fake collateral, then withdrew real USDC, SOL, and ETH.

 

Drift's TVL, which was above $550 million before the attack, has since fallen to around $242 million. The protocol's recovery framework targets $295.7 million in outstanding user losses, a figure that actually exceeds its current TVL. To bridge that gap, the plan leans on future trading fee revenue flowing into a dedicated recovery pool. Users will also receive a separate recovery token representing their claim on that pool, transferable and distinct from the DRIFT governance token.

 

The market responded well to the announcement: DRIFT token surged roughly 22%, climbing from $0.045 to $0.055 on the day, after having fallen as much as 30% in the immediate aftermath of the exploit.

 

A Stablecoin War Fought One Bailout at a Time

The Drift deal lands at a time when competition in the stablecoin market is genuinely heating up. USDC has made real headway in institutional and DeFi use cases over the past couple of years, partly by positioning itself as the "clean" option for regulated environments. Circle's IPO plans have only reinforced that narrative.

 

Tether still holds a commanding global lead, but the gap in on-chain activity has been narrowing. Coindesk data shows USDC transaction volumes outpaced USDT's in recent months, and Circle's market share has been expanding. This makes Solana, where USDC has been strongest, a particularly important front in what is increasingly looking like a full-scale stablecoin war.

 

Whether the Drift bailout actually converts into lasting USDT dominance on Solana remains to be seen. Relaunch is contingent on Drift completing two independent security audits, and rebuilding trust with users after a $285 million heist takes more than a well-funded recovery plan. But Tether, at least for now, holds a key piece of Solana's DeFi architecture. And it didn't exactly have to do much begging to get it.

 

An X user with the username "Sillytuna" has reportedly lost $24 million in Aave Ethereum USDC (aEthUSDC) in an attack that involved a combination of violence, sexual assault, weapons, and threats to life.

 

 

"Bruised, held off while I could, but can't do that much with axes over your hands and feet," Sillytuna wrote. The user further stated that he was, at this point, done with crypto. In his words, "And now... definitely out of crypto ****ers."

 

While the matter has already been reported to law enforcement, no official statement has been issued by the authorities. However, the X user has announced a 10% bounty for whoever helps recover the stolen funds.

 

 

 

How the Crypto Community Reacted

Shortly after the news went viral, the crypto community reacted with mixed feelings, with many commiserating with the user over their loss. Some also raised awareness about the deplorable state of security in the United Kingdom. Apparently, the victim is a UK resident.

 

 

Amid the sympathy from the global crypto community, some, however, doubted the authenticity of the victim's story.

 

According to YokaiCapital, an X user, the victim had not posted anything about crypto before. He also alleges that the victim's account appears to have been bought recently.

 

"He will probably shill the coin at some point or say that he will take donations from the coin," YokaiCapital went on to write. 

 

However, the victim has denied allegations that he intentionally wanted to trend and claims the stolen funds were long-term holdings.

 

 

How the Attackers Moved the Stolen Funds

Tracking the stolen funds, blockchain analytics firm Arkham Intelligence said that the attackers moved the funds across Layer 2 networks, Bitcoin, and Monero, obviously to evade trail.

 

 

 

Roughly $20 million of the stolen funds were stored in two Ethereum addresses as DAI, a stablecoin on the Ethereum network, while $2.48 million was bridged to USDC on Arbitrum.

 

Arkham reported that the attackers sent $2.47 million to Hyperliquid through 19 separate Wagyu accounts, which were used to convert the funds to Monero (XMR).

 

The attackers also bridged $1.1 million to the Bitcoin blockchain using LiFi, noting that 0.5 BTC was deposited into a mixing service, Arkham added.