Cork Protocol Suffers $12M Exploit in Smart Contract Attack
As DeFi projects rebound, so too have the threats they face.
Cork Protocol became the latest casualty in a wave of renewed cyberattacks, losing over $12 million in a targeted smart contract exploit.
The breach, detected by cybersecurity firm Cyvers Alerts, occurred at 11:23:19 UTC and was traced to a wallet address ending in “762B.”
According to Cork Protocol, the attacker exploited a vulnerability in the wstETH:weETH market—draining 3,761.87 Wrapped Staked Ether (wstETH), which was swiftly converted into Ether.
While the exploit was limited to this single trading pair, Cork pre-emptively paused all other markets as a security measure.
Cork Moves Fast to Limit Fallout After Exploit While Awaiting Publication of Post-Mortem Report
Shortly after news of the exploit broke, Cork Protocol founder Phil Fogel launched an internal investigation and froze all smart contracts to prevent further losses.
Preliminary analysis suggests the attacker deployed a fraudulent smart contract tied to a spoofed token, allowing them to siphon off the protocol’s available wstETH.
Following the breach, the attacker’s wallet held 4,530.59 ETH, which had not yet been split across multiple addresses.
This lack of dispersion, coupled with the method used, has sparked speculation of potential ties to North Korean hacking strategies, which often involve delayed asset mixing.
The exploit capitalised on a pricing discrepancy: wstETH was trading at $3,207.73, a premium well above ETH’s market price in the $2,500 range.
The timing was particularly disruptive—Cork had recently surged in popularity, boasting $23.8 million in total value locked and $563 million in decentralised trading volume for its Depeg Swap tokens, designed for risk hedging.
Since the attack, conflicting data has emerged regarding the protocol’s liquidity.
One metric suggests Cork lost over $1 billion from its wstETH vault, though the full scope of the impact on its Depeg Swap markets remains unclear.
Notably, Cork has no native token, limiting broader market contagion.
The team has promised a full post-mortem report to clarify the extent of the damage and next steps.
Fogel thanked everyone for their support, reiterating that the team is actively conducting a thorough post-mortem.
Cork Protocol Joins Victims’ List Alongside Cetus and Others
The Cork Protocol breach marks yet another high-profile security incident in a crypto sector grappling with persistent vulnerabilities.
As hacks continue to erode consumer confidence, industry leaders are increasingly calling for more robust safeguards.
Over the past week alone, attacks on DeFi and DEX platforms have intensified, coinciding with rising liquidity across protocols.
One of the most notable breaches occurred on 22 May, when Cetus—a decentralised exchange built on the Sui network—was compromised, resulting in the theft of $223 million.
Although Sui validators were able to freeze a large portion of the stolen funds, the move ignited a heated debate over the network’s degree of centralisation and the proper role of validators during major crises.
In response, Cetus offered a $6 million bounty to white hat hackers willing to help recover the outstanding assets.
A detailed post-mortem by blockchain security firm Dedaub revealed the exploit stemmed from a flaw in Cetus’ automated market maker (AMM) logic.
Hackers manipulated liquidity parameters by altering undetected values in the binary code’s most significant bits (MSBs)—a technical sleight of hand that enabled them to inject massive amounts of liquidity with minimal input and siphon off funds from multiple pools.
The incident underscores the urgent need for more sophisticated risk controls as DeFi platforms scale.