Exploit Pockets $12 million from Cork Protocol, Swiping 3,760 wstETH
In a significant digital heist, hackers targeted a decentralized finance platform called Cork Protocol, successfully stealing tokens worth approximately $12 million on May 28, 2025. The incident was first brought to light by security firm SlowMist, which pointed out a potential smart contract vulnerability involving around 3,760 wrapped staked Ethereum (wstETH) tokens.
In response to the report, Cork Protocol confirmed a "security incident" affecting both wrapped staked Ethereum tokens and wrapped Ethereum tokens. Consequently, the platform temporarily halted its smart contract operations to prevent further exploitation. According to Cork Protocol, no other markets on the platform were affected. They are currently investigating the matter and plan to provide updates.
Investigations by blockchain security firm Cyvers suggest that the attacker deployed a malicious contract with an address possibly linked to a service provider used by Cork Protocol. Within mere minutes, the malicious contract was executed, and the attacker swiftly swapped the stolen wstETH for Ethereum. As of now, the stolen Ethereum remains unmoved in other wallets.
Cork Protocol offers users a way to hedge against depeg risk in tokens such as wrapped stablecoins, liquid staking tokens, and restaking tokens. The wstETH to weETH trading pair is one of the core markets the protocol secures. However, these wrapped tokens expose users to additional risks such as counterparty risks, smart contract vulnerabilities, and potential exploits. In a breach or rug pull, the wrapped version of a token could become less valuable than its unwrapped counterpart, leading to substantial losses for users.
The incident serves as a stark reminder of the vulnerabilities in protocol design and the significance of thorough security audits to prevent such exploits. Despite undergoing private audits and public bug bounty contests, the vulnerability at Cork Protocol went unnoticed before the incident. The full extent of the damage and the actions taken to address the issue will become clearer as the investigation continues.
- The tokens stolen from the decentralized finance platform Cork Protocol, worth around $12 million, were primarily crypto tokens, including wrapped staked Ethereum (wstETH) and wrapped Ethereum (weETH).
- The attacker, using a malicious contract, swapped the stolen wstETH for Ethereum, and the stolen Ethereum is currently held in other wallets.
- Cork Protocol, apart from offering hedging against token depeg risks, also provides liquid staking and restaking tokens, and secured trading pairs like wstETH to weETH.
- This incident underscores the importance of thorough security audits and the potential vulnerabilities in protocol design, as the vulnerability at Cork Protocol went unnoticed despite private audits and public bug bounty contests.
- The crypto industry, particularly the FinTech sector, relies heavily on blockchain technology, making it crucial to address these vulnerabilities for secure transactions.
- As the investigation into the Cork Protocol incident continues, its findings will reveal the full extent of the damage and the actions taken to address the issue, potentially leading to security improvements across the DeFi, crypto, and FinTech industries.