Another day, another exploit. The security crisis in blockchain-based decentralized finance (DeFi), once touted as a challenger to legacy infrastructure, is only getting worse.

The latest victim is Volo Protocol, a platform built on the Sui blockchain, where users deposit assets into yield-generating “vaults,” which function as pooled investments. Deposited tokens such as bitcoin, stablecoins and tokenized assets are deployed using various onchain strategies to generate returns.

Early Wednesday, the protocol confirmed a security breach that drained a total of roughly $3.5 million in digital assets from three of the vaults. Assets locked in other vaults were not affected, it said in a post on X.

“The ~$28M in TVL across all other Volo vaults is safe. The exploit was isolated to 3 specific vaults, and we have confirmed no shared attack vector exists with the remaining vaults,” the protocol said, adding that it is “prepared to absorb” the financial loss rather than pass it on to users.

The attack hit vaults holding wrapped bitcoin (WBTC), Matridock’s tokenized gold token, XAUm, and the dollar-pegged stablecoin USDC. In response, the protocol froze all vaults and began working with the Sui Foundation and onchain investigators to contain the damage and trace funds.

Since the incident, Volo has “frozen” $500,000 in assets through coordination with ecosystem partners, meaning those funds have been immobilized onchain to prevent any movement or withdrawal. Still, the majority of the stolen funds remain under investigation.

Growing unease

The breach adds to growing unease across decentralized finance, where a string of exploits has raised questions about smart contract security and protocol oversight. The timing is particularly sensitive, coming just days after the weekend’s KelpDAO exploit, in which an attacker drained millions by artificially minting unbacked liquid restaking tokens, rsETH.

The aftermath has rippled across the DeFi, triggering collateral damage in multiple protocols, including leading lending platform Aave, where users rushed to withdraw funds because of the heightened uncertainty.

To date, decentralized finance has suffered roughly $7.78 billion in hacks, according to data from DeFiLlama. Bridge protocols — which enable the transfer of assets across blockchains — account for another $2.90 billion in losses. Combined, the figure exceeds $10 billion, roughly equivalent to the market capitalization of cryptocurrencies ranked between 10th and 15th globally.

Volo says it will publish a full post-mortem once its investigation is complete and remediation steps are finalized.

But for DeFi users and investors, a broader pattern is becoming harder to ignore: while institutional adoption is accelerating, relatively little of that capital appears to be flowing into improving security, with exploits continuing to arrive in clusters.

Read more: The $13 billion DeFi wipeout in two days, and it started with KelpDAO attack

TLDR

• Justin Sun, founder of Tron, initiated legal proceedings against World Liberty Financial in California’s federal court system
• The lawsuit alleges WLFI improperly froze Sun’s token holdings, stripped voting privileges, and issued threats to destroy his assets
• Sun attempted private resolution before pursuing litigation
• A new governance measure would permanently lock tokens of holders who don’t consent to new terms
• Sun maintains his support for President Trump’s cryptocurrency initiatives despite the legal conflict

Justin Sun, the blockchain entrepreneur behind Tron, has initiated legal proceedings against World Liberty Financial—a cryptocurrency venture supported by the Trump family—in California’s federal court.

According to Sun’s complaint, the World Liberty Financial team improperly locked his token holdings, eliminated his governance voting capabilities, and issued threats to permanently destroy his investment without providing adequate justification.

Sun maintains he pursued private negotiation channels before resorting to legal action. When the WLFI management refused to restore access to his frozen assets, he determined that litigation was his only remaining recourse.

Previously recognized as World Liberty Financial’s most significant external investor, Sun has now emerged as the project’s most outspoken detractor.

On April 12th, Sun made public allegations that WLFI developers had secretly incorporated a blacklist mechanism within the project’s smart contract infrastructure. This hidden functionality, he asserts, grants the development team authority to freeze, limit, and essentially seize investor assets.

World Liberty Financial addressed these accusations on their social channels, dismissing them as “baseless allegations” and portraying Sun as someone “playing the victim.” The organization suggested imminent legal proceedings with the statement: “See you in court pal.”

The Governance Dispute

The situation intensified following World Liberty‘s April 15th release of a governance resolution. This measure proposes converting more than 62 billion WLFI tokens from unlimited lockup periods into predetermined vesting timelines.

The resolution establishes that founders, development personnel, and advisors would face a two-year token freeze, followed by incremental distribution across three additional years. Additionally, a 10% token destruction would occur upon proposal approval.

Investors declining to accept these revised conditions would see their holdings locked permanently under the current framework.

Sun characterized the resolution as “one of the most absurd governance scams” he’s encountered. He contends it masquerades as a governance initiative while actually functioning as an investor trap for those who don’t actively participate.

Due to his frozen token status, Sun reports he’s completely unable to participate in the voting process—neither in support nor opposition.

Sun Still Backs Trump Despite Legal Fight

Sun emphasized through his public statements that this legal action doesn’t represent opposition to President Trump or his administration’s initiatives.

“Unfortunately, certain individuals on the World Liberty project team have been operating the project in a manner that goes against President Trump’s values,” Sun wrote.

Sun reportedly ranks among the top holders of the TRUMP memecoin. This substantial investment secured him access to an exclusive cryptocurrency gala dinner in May 2025, where he received a commemorative watch during the event.

Analytical data from CoinCarp reveals 642,882 holders of the TRUMP memecoin currently exist. More than 91% of total supply concentration resides within the top 10 wallet addresses.

World Liberty Financial has not issued any official statement regarding the lawsuit when approached by journalists.

A senior U.S. military commander has described Bitcoin as a cybersecurity tool with potential use in national defense.

At a Senate Armed Services Committee hearing on Tuesday, Samuel Paparo said Bitcoin’s role goes beyond financial use cases and can support security systems tied to U.S. strategic interests.

“It is a valuable computer science tool, as a power projection,” Paparo said, adding that the network’s proof of work design “imposes more cost” on attackers attempting to interfere with it. 

“Outside of the economic formulation of it, it has got really important computer science applications for cybersecurity.”

The hearing focused on the U.S. military’s posture in the Indo-Pacific, with discussions spanning ongoing conflicts in Ukraine and the Middle East, China’s military activity, and threats linked to North Korea.

Paparo’s remarks follow earlier comments from Jason Lowery, who has argued that proof-of-work networks can be used to secure digital systems in a cyber conflict. He said Bitcoin is often seen only as a monetary system, while its design can also secure “all forms of data, messages, or command signals.”

State-linked cyber operations have increased in recent years, with attacks such as ransomware, phishing, and denial of service targeting infrastructure and financial systems. The Lazarus Group remains one of the most prominent examples, having stolen billions in crypto over the past decade, funds that U.S. officials say have supported North Korea’s nuclear program.

Paparo’s comments came after Tommy Tuberville asked how the U.S. could lead in Bitcoin-related competition, noting that Chinese policy groups are also examining the asset as a strategic tool. Paparo did not directly address policy steps but pointed to Bitcoin’s underlying structure.

“Bitcoin is a reality. It is a peer to peer zero trust transfer of value. Anything that supports all instruments of national power for the United States of America is to the good,” he said.

Concern over reliance on foreign-made mining hardware has also drawn attention in Washington, even as the U.S. holds the largest Bitcoin reserves among nation states and a significant share of global hashrate.

Last month, Bill Cassidy and Cynthia Lummis introduced the Mined in America Act, aimed at expanding domestic production of Bitcoin mining equipment. The proposal also seeks to formalize the Strategic Bitcoin Reserve established under an executive order signed by Donald Trump.

The attacker behind the roughly $290 million Kelp DAO exploit began moving tens of thousands of Ether to newly created blockchain addresses on Tuesday, in what appears to be an effort to start laundering the stolen funds.

The wallet tagged by Arkham as linked to the Kelp DAO exploit moved about 75,700 Ether (ETH) worth roughly $175 million across three transactions on Tuesday, including a 25,000 ETH transfer to one newly created address and transfers of 50,700 ETH and 0.7 ETH to another.

Blockchain investigator ZachXBT wrote in a Tuesday Telegram post that addresses tied to the exploit had begun moving funds through THORChain and Umbra. He flagged three THORChain transactions totaling about $1.5 million and a separate $78,000 transfer through Umbra.

On Saturday, an attacker drained about 116,500 restaked Ether (rsETH), worth roughly $290 million to $293 million at the time, from Kelp DAO’s LayerZero-powered rsETH bridge.

LayerZero said Kelp DAO’s 1/1 decentralized verifier network (DVN) setup created a single point of failure by relying on a single verifier path for cross-chain messages. LayerZero said it had previously advised against that configuration.

Fallout spreads across DeFi

The transfers came hours after Arbitrum said its 12-member security council had taken emergency action to freeze 30,766 ETH tied to the exploit and move the funds into an “intermediary frozen wallet” accessible only through Arbitrum governance.

The exploit also hit other DeFi protocols, including Aave, where the attacker used the stolen funds as collateral to borrow against the protocol. Early estimates put the hole at about $195 million, but Aave’s Monday incident report later outlined two potential outcomes: roughly $123.7 million in bad debt under one scenario and about $230.1 million under another.

The transfers suggest the attackers had begun moving funds through non-custodial protocols that can complicate tracing and recovery. THORChain does not require traditional Know Your Customer checks.

During the $1.4 billion Bybit hack in 2025, attackers converted about 83% of the stolen Ether into Bitcoin (BTC), with 72% of the funds moving through THORChain, according to Bybit CEO Ben Zhou. Zhou said at the time that 77% of the stolen funds were still traceable.

Related: ZachXBT asks MemeCore to explain valuation and token supply

Aave unfreezes Ethereum V3 market as borrow rates spike

On Tuesday, Aave said it had unfrozen Wrapped Ether (WETH) reserves on the Ethereum Core V3 market, enabling users to supply WETH to the V3 lending protocol once again. However, WETH reserves across Ethereum Prime, Arbitrum, Base, Mantle and Linea remain frozen.

Meanwhile, the thinning liquidity saw Aave’s borrowing rates for USDt (USDT) rise from 3% to 14%, marking the highest figures since December 2024, wrote Julio Moreno, the head of research at analytics platform CryptoQuant, in a Monday X post.

Fears over a potential contagion caused significant outflows from Aave, as its total value locked (TVL) fell by about $10 billion since the exploit to $16.4 billion as of Tuesday, DefiLlama data shows.

Magazine: 53 DeFi projects infiltrated, 50M NEO tokens could be ‘given back’: Asia Express