News

Cork Protocol loses $12M in exploit; 3,760 wstETH stolen

Published

1 day ago

May 28, 2025

Cork Protocol lost $12M in a hack with 3,760 wstETH stolen. A smart contract issue was flagged, leading to a temporary smart contract shutdown.

Cork Protocol suffered a $12 million hack, and attackers stole 3,760 wstETH.

Cybersecurity company SlowMist flagged a suspected smart contract issue affecting 3,760 wrapped staked Ethereum on Wednesday, May 28.

In response to the report, Cork Protocol acknowledged a “security incident” impacting both wrapped staked Ethereum (wstETH) and wrapped Ethereum (wETH) tokens.

To mitigate further risk, the protocol temporarily disabled the smart contract.

There was a security incident affecting the wstETH:weETH market at 11:23 UTC today.

All other Cork markets have been paused as a precaution, and no other markets have been impacted.

We are actively investigating the situation and will continue to provide updates as more details…
— Cork Protocol (@Corkprotocol) May 28, 2025

Cork Protocol assured users that the breach affected only the specified markets and did not extend to other platform markets.

The team is actively investigating the issue and will release further information soon.

Blockchain security firm Cyvers stated that the attacker deployed a malicious contract originating from the address funded by 0x4771…762B.

🚨ALERT🚨Our system has identified a $12M smart contract exploit, with @CorkProtocol potentially the victims.

A malicious contract was deployed on May 28, 2025 at 11:23:19 UTC by an address funded by 0x4771…762B (likely a service provider).
Just 16 minutes and 45 seconds… pic.twitter.com/72ScizbJPZ
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) May 28, 2025

Cyvers claims that a service provider likely owns this address, meaning Cork Protocol was utilizing a DeFi protocol, exchange, or bridge linked to it.

Within 16 minutes, the attacker ran the malicious contract and rapidly swapped the wstETH for Ethereum.

So far, the attacker has not moved the stolen ETH from its current wallet.

Cork Protocol provides users with a way to hedge against the potential depegging of tokens, including wrapped stablecoins, liquid staking, and restaking tokens.

The protocol protects the core market of the wstETH/weETH trading pair.

Since users can perform decentralized finance tasks with wrapped tokens that native tokens do not permit, wrapped tokens offer distinct benefits.

However, users must recognize heightened risks, including counterparty concerns, smart contract vulnerabilities, and the chance of exploits.

If a hack or rug pull occurs, holders might see the wrapped token fall below the worth of its unwrapped counterpart, resulting in considerable losses.

Users can secure their assets on Cork Protocol by purchasing depeg swaps when the value dips below the peg.

The platform offers securitization beyond wstETH and weETH to include wETH to wstETH, sUSDS to USDe, and sUSDe to USDT.

Core Protocol has stated they would publish a postmortem soon.

Security Incident Update

Today at 11:23 UTC, Cork Protocol experienced a security incident affecting the wstETH:weETH market, involving approximately 3,761.8 wstETH.

All other markets are unaffected and have currently been paused as the team works with auditors to ensure the… https://t.co/QTgOs0sg2b
— Cork Protocol (@Corkprotocol) May 28, 2025