Volo Protocol's vault admin private key was compromised on April 21, 2026. The attacker drained $3.5 million across three isolated Sui vaults — WBTC, XAUm, and USDC — routing $1.55 million off-chain via Circle's CCTP in six transactions. Attacker: 0xd763599972ea5a8cfe53d182371ee010dc52ace7e39ccff7d8803ba7100fa46a on Sui. Volo intercepted 19.6 WBTC at bridge exit; net loss after recovery: ~$60K. Source: https://rekt.news/volo-rekt