Hackers strike again: Cork Protocol loses $12M in latest incident
Exploits and hacks returned with the general recovery of DeFi projects. The latest registered exploit took $12M from Cork Protocol.
Cork Protocol lost $12M due to a malicious smart contract, with outflows intercepted by Cyvers Alerts. Hacks against DeFi and DEX platforms accelerated in the past week, tapping the growing liquidity.
🚨ALERT🚨Our system has identified a $12M smart contract exploit, with @CorkProtocol potentially the victims.
A malicious contract was deployed on May 28, 2025 at 11:23:19 UTC by an address funded by 0x4771…762B (likely a service provider).
Just 16 minutes and 45 seconds… pic.twitter.com/72ScizbJPZ— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) May 28, 2025
Cork Protocol explained that the hack affected a single market, the wstETH:weETH trading pair, but all other markets were paused for added security.
The exploit tool 3,761.87 wstETH from the protocol, which was swapped back into ETH. The attack follows recent exploits against Usual Protocol and Cetus DEX.
Cork took precautions to prevent further losses
Soon after the initial announcement, Phil Fogel, the founder of Cork Protocol, opened an investigation, while freezing all of the project’s smart contracts to stop further losses. The first explanation for the protocol exploit is that the hacker created a fake smart contract for a token, which enabled the wallet to drain the available wstETH.
After the exploit, the identified attacker wallet held a total of 4,530.59 ETH, still not split to other addresses. A split and attempts to mix the ETH is often recognized as the strategy of DPRK hackers.
The disparity for the hacker comes from the premium price of wstETH. The asset traded at 3,207.73, a significant premium over the price of ETH in the $2,500 range.
The attack coincides with a time of high activity for Cork Protocol. In May, the protocol locked in over $23.8M in total value locked, with $563M in decentralized trading for its risk-hedging Depeg Swap tokens.
After the hack, the protocol showed disparate results on its liquidity data. According to one metric, the protocol lost over $1B from its wstETH liquidity vault.
So far, Cork Protocol has not given a complete breakdown of the exploit and the effect on its Depeg Swap markets. It does not have a native token, and cannot have additional market effects from the hack.
The Cork Protocol project drew in funding from top-tier VC backers, including a16z, Orange DAO and Unbounded Capital. The project’s funding was not announced, and the project took its place among the DeFi ecosystem without significant publicity.
Cork Protocol measures risk for stablecoins
Cork Protocol is a relatively new risk-trading platform. The project launched on Ethereum in early March. The protocol tokenizes the risk of de-pegging events for major stablecoins and liquid re-staking tokens.
The mission of Cork Protocol was to observe, protect and offer hedging for up to $300M of assets at risk of depegging during periods of market turbulence. The protocol is focusing on the riskiest algorithmic stablecoins, which are the most exposed to market shifts and often never regain their $1 price after the crisis.
To achieve its hedging goal, Cork Protocol introduced the Depeg Swap, a new financial primitive. Traders can swap the risk assigned to de-pegging events, thus creating insurance for their own token. The project has reportedly been endorsed by Ethena Labs, LidoDAO and other DeFi projects in the Ethereum ecosystem.
Cryptopolitan Academy: Want to grow your money in 2025? Learn how to do it with DeFi in our upcoming webclass. Save Your Spot
Recommended Articles
