Volo recovers Sui hack funds, net loss cut to $60K after WBTC/USDC/ETH + XAUm unlock
Volo says it has recovered the remaining assets from last week’s $3.5M Sui vault exploit. In its latest update, Volo recovered about 64.9 ETH obtained by the attacker, cutting the total net loss to roughly $60K—down sharply from earlier estimates.
The attack hit three vaults holding USDC, XAUm and WBTC. Volo previously reported that around 90% of stolen funds were returned by converting proceeds into stablecoins, then bridging back to Sui. The attacker’s flow involved swapping parts of WBTC and XAUm into USDC, bridging to Ethereum, and converting to ETH.
New in this update: Volo intercepted 19.6 WBTC on the LayerZero bridge and later saw those funds reallocated on Ethereum. Separately, the Sui Foundation unlocked 100.6 XAUm so it returned to Volo’s custody.
One vault is still partially unresolved. Volo says the attacker swapped 115 XAUm on Sui, but low DEX liquidity makes completing that size swap difficult. Volo is coordinating with MatrixDock to acquire the missing amount and expects the final vault restart to take longer, without a specific date. Volo will cover the ~$60K loss from its treasury and make users whole.
For traders, the high recovery rate reduces short-term “protocol insolvency” concerns for Sui-related users, but it also underscores persistent DeFi risks around bridge liquidity and swap execution during hacks.
Neutral
Volo’s latest details strengthen the near-term risk outlook: with the recovered ~$60K net loss and continued asset retrieval (including WBTC via LayerZero and XAUm via Sui Foundation unlocks), traders should see less immediate chance of further user losses or insolvency. However, one vault remains partially unresolved and the incident still highlights operational fragility in DeFi—especially bridge execution and DEX liquidity constraints during swaps.
So the price-impact bias for SUI itself is mixed. The recovery narrative is a stabilizer (milder downside sentiment), but ongoing settlement uncertainty and the broader reminder of cross-chain hack pathways keep momentum muted rather than clearly bullish. Hence, a neutral read is more consistent with both summaries’ framing.