.png){kind=logo}
Cork Protocol, a decentralized finance (DeFi) platform, experienced a $12 million exploit on May 28 due to a vulnerability in its smart contract. The attacker utilized a funded wallet to drain 3,761 Wrapped Staked Ether (wstETH), which was then swiftly converted into Ethereum (ETH), as reported by the cybersecurity firm Cyvers.
The exploit on Cork Protocol was started at 11:23:19 UTC by an address ending in “762B.” Cyvers revealed that the hack occurred when an attacker identified and exploited a vulnerability in one of the deployed contracts. The firm also revealed that the stolen wstETH was swiftly swapped for ETH, which trades at $2,720 at the time of writing.
In response to the incident, Cork Protocol co-founder Phil Fogel stated on X, “We are investigating a potential exploit on Cork Protocol and are pausing all contracts. We will report back with more information.” The pause aims to prevent further losses as the team continues its forensic review.
The issue shows that the DeFi space is worried about security gaps at the core level of protocols. While smart contracts are designed for secure and trustless transactions, they are still frequently targeted by advanced threats, raising concerns among investors and developers.
The Cork Protocol hack occurred after the Cetus DEX lost more than $223 million in a high-profile breach only six days earlier. The Cetus project relies on the Sui blockchain, and attackers exploited a weakness in the smart contract to alter the required liquidity parameters. The sudden changes did not perform necessary bit checks, resulting in the entry of false liquidity and the loss of legitimate assets.
Sui validators successfully froze a portion of the stolen funds, sparking debate about the risks of centralization within supposedly decentralized networks. Cetus has since offered a $6 million bounty to white hat hackers who can help recover the remaining funds.
Dedaub, a blockchain security firm, shared a post-mortem analysis of the Cetus hack following its occurrence. The study showed that attackers used binary field manipulation to bypass security, demonstrating how minor errors can lead to significant losses.
These back-to-back attacks show that DeFi security remains a persistent security challenge. As a result of these incidents, investors are becoming more hesitant and have urged the industry to establish stricter audit practices and more effective contract management policies.
According to Cyvers, the Cork Protocol attack adds to a growing list of DeFi platforms that have suffered exploits in recent months. As on-chain activity grows, developers face mounting pressure to safeguard user funds and maintain trust in decentralized financial infrastructure.
Also Read: Bybit Takes Action: $3.84M in Hacked Crypto Frozen Amid Major Crackdown
The number of hacking incidents in the crypto sector has increased, resulting in nearly $357 million of losses during April alone. Those leading the industry are insisting that quick and reliable risk management, along with regular security reviews, can prevent more incidents from occurring.
