

Lei Wu

@realvisual
Co-founder of BlockSec (@BlockSecTeam) | Views are my own






📋 Community Status Report - Volo Protocol

We want to provide our community with a full and honest account of where things stand following yesterday's security incident. We owe you clarity, and we are committed to providing it every step of the way.

1. Cause of the Hack

Our investigation is ongoing, and we do not want to speculate on details before we have a complete picture. What we can share at this stage: we believe the attack was the result of a private key compromise. Despite our best efforts and security practices in place, the attacker was able to exploit this vector to access the affected Vaults. This was not a smart contract vulnerability or a protocol-level exploit; the Sui blockchain and its infrastructure performed as intended throughout. A full technical post-mortem will be published once the investigation is concluded. We are working with security partners to ensure this cannot happen again.

2. Fund Recovery - $2M Successfully Frozen

Of the ~$3.5M in assets taken, we have successfully frozen approximately $2M in close coordination with the Sui Foundation and ecosystem partners. This was the result of a rapid, round-the-clock effort from our team and the broader ecosystem. We are continuing to work through the details of the recovery and return process with our partners during EST business hours on Wednesday. A further update will follow as soon as those discussions are concluded.

3. Making Users Whole - We Are Fully Prepared

For the remaining ~$1.5M, we are fully prepared to make every affected user whole. No user will be left out of pocket. We know that a promise alone is not enough - we will be communicating every step of the process transparently before funds are returned, so you know exactly what is happening and when. Details on the reimbursement process will be shared shortly.

We are deeply sorry this happened. The Volo Team is working without pause to resolve it and to rebuild the trust you have placed in us.

Thank you for your patience and continued support.


The Arbitrum Security Council has taken emergency action to freeze the 30,766 ETH being held in the address on Arbitrum One that is connected to the KelpDAO exploit. The Security Council acted with input from law enforcement as to the exploiter’s identity, and, at all times, weighed its commitment to the security and integrity of the Arbitrum community without impacting any Arbitrum users or applications. After significant technical diligence and deliberation, the Security Council identified and executed a technical approach to move funds to safety without affecting any other chain state or Arbitrum users. As of April 20 11:26pm ET the funds have been successfully transferred to an intermediary frozen wallet. They are no longer accessible to the address that originally held the funds, and can only be moved by further action by Arbitrum governance, which will be coordinated with relevant parties.

Earlier today we identified suspicious cross-chain activity involving rsETH. We have paused rsETH contracts across mainnet and several L2s while we investigate. We are working with @LayerZero_Core, @unichain, our auditors and top security experts on RCA. We will keep you posted as we learn more about this situation. Please follow only the official @KelpDAO handle for the updates.





One surprise from our data: GLM-5 from @Zai_org ranked 25th on @OpenAI's EVMbench (20.8%) but jumped to 7th on real-world incidents (42.9%), outperforming Gemini 3.1 Pro. Model rankings shift dramatically across datasets.

Our risk partner @AllezLabs has shared their analysis of the recent $THE incident on Venus. Read here for the full picture.

Are AI agents ready for detecting and exploiting smart contract vulnerabilities? We re-evaluated @OpenAI's EVMbench with a contamination-free dataset of real-world hacks. Our data shows different results. 🧵 Paper: arxiv.org/abs/2603.10795




🚨Claude Opus 4.6 wrote vulnerable code, leading to a smart contract exploit with $1.78M loss

cbETH asset's price was set to $1.12 instead of ~$2,200.

The PRs of the project show commits were co-authored by Claude - Is this the first hack of vibe-coded Solidity code?
