Cork Protocol, a DeFi platform launched in March 2025, suffered a $12 million exploit targeting its wrapped staked Ether (wstETH) smart contract on May 28, 2025. Despite undergoing four audits, including two audit contests before launch, an undiscovered vulnerability allowed a malicious contract deployed by an attacker to drain 3,761.87 wstETH from the wstETH:weETH liquidity pool within 17 minutes.
The attacker swiftly converted the stolen wstETH into regular ETH, though the funds have not yet been dispersed across multiple wallets. The exploit originated from an address linked to a service provider potentially used by Cork for bridging or liquidity functions, revealing critical integration points that exposed the protocol to this complex vulnerability.
In response, Cork Protocol promptly paused all trading activity, particularly for the affected market pair. The team, including co-founder Phil Fogel, is conducting an ongoing internal investigation to assess the breach's full scope and origin in collaboration with auditors, partners, and security researchers.
Cork Protocol had gained credibility through backing by prominent investors such as a16z Crypto, OrangeDAO, and Steakhouse Financial, and through participation in the a16z CSX Fall 2024 accelerator. However, the hack calls into question how effective security audits are against the sophisticated threats facing decentralized finance platforms.
This incident underscores the cybersecurity risks that persist in crypto protocols and has prompted calls for enhanced protective measures. The community awaits a detailed post-mortem and the steps Cork will take to reinforce resilience against similar attacks.