Cork Protocol has been hit by a major attack in which the attacker stole cryptocurrency worth more than $12 million. The incident occurred on May 28 and took less than 17 minutes. According to cybersecurity specialists from CyversAlerts, the attack was carried out through a malicious smart contract.
The attacker took advantage of a vulnerability in the protocol's exchange rate calculation algorithm, creating dummy tokens and using them to activate a built-in function that resets the exchange parameters to default values. This gave the attacker access to the liquidity pool, from which 3,762 wstETH was withdrawn. These tokens were subsequently converted into 4,530 ETH.
Phil Fogel, the founder of Cork Protocol, confirmed the hack and said that the platform had been temporarily suspended pending an investigation. At the time of publication, the stolen funds were still in the attacker's wallet and had not yet been moved to other addresses.
Experts emphasize that the incident once again demonstrates the risks associated with automated smart contracts and vulnerabilities in decentralized financial systems. Despite the security measures taken, such attacks continue to occur.
This is not the first such case in recent times: the decentralized exchange KiloEx, which specializes in perpetual futures, was previously subjected to a similar exploit. In that case the damage amounted to about $7 million, and the platform was also forced to suspend operations.
The Cork Protocol incident once again underlines the importance of thoroughly checking and updating smart contracts, especially as the number of complex attacks aimed at vulnerabilities in the logic of DeFi products increases.