- Cork Protocol suffers $12 million loss in wstETH due to smart contract exploit.
- All smart contracts paused following the breach announcement.
- Backing from a16z CSX and Orange DAO underscores institutional involvement.
A $12 million hack targeted Cork Protocol, backed by a16z CSX and Orange DAO, on May 28, 2025.
Cork Protocol, supported by prominent investors like a16z CSX and Orange DAO, was exploited through a $12 million smart contract breach. The incident, reported by SlowMist and Cyvers, highlights persisting security challenges in decentralized finance. The breach involved unauthorized access to Cork’s system, enabling the malicious extraction of 3,760+ wstETH tokens. Initially swapped for 4,530 ETH, these assets indicate a significant defect in the protocol’s security mechanisms.
The immediate aftermath saw a swift market reaction, with all of Cork Protocol’s smart contracts paused to prevent further exploitation. This incident mirrors previous attacks on DeFi platforms, raising questions about systemic security gaps. The hack primarily affected wstETH, linked to Ethereum, with no other altcoins impacted. The loss underscores the ongoing risks inherent in sophisticated blockchain infrastructures, compelling a reevaluation of safety measures.
ALERT Our system has identified a $12M smart contract exploit, with @CorkProtocol potentially the victims. A malicious contract was deployed on May 28, 2025 at 11:23:19 UTC… Just 16 minutes and 45 seconds…
No industry-wide regulatory changes followed the Cork Protocol breach, although the event revived discussions on stricter oversight. The incident adds to a series of high-profile DeFi hacks, pressuring developers to focus on innovative security solutions. Historical parallels to Curve Finance and Euler Finance breaches suggest similar future vulnerabilities. The market’s demand for enhanced protective protocols remains acute, with an emphasis on trust restoration.
