Cork Protocol Hit By $12 Million Hack, 3,760 WstETH Tokens Stolen

Hackers exploited a vulnerability in a smart contract tied to wrapped staked Ethereum (wstETH), stealing approximately $12 million worth of tokens.

The incident impacted decentralized finance (DeFi) platform Cork Protocol. On Wednesday, May 28, cybersecurity firm SlowMist reported the breach, which involved the unauthorized withdrawal of 3,760 wstETH tokens.

After the initial report, Cork Protocol confirmed it had experienced a “security incident” impacting both wrapped staked Ethereum (wstETH) and wrapped Ethereum (wETH) tokens. In response, the platform temporarily paused its smart contract to prevent further losses.

Cork Protocol emphasized that no other markets on its platform were compromised. The team assured users that an investigation is underway and promised to share further updates as the situation develops.

What Happened to Cork Protocol?

Blockchain security firm Cyvers reported that the recent exploit on Cork Protocol involved a malicious smart contract created by the attacker. This contract was funded by the address 0x4771…762B, which Cyvers believes is linked to a third-party service provider—potentially a DeFi platform, crypto exchange, or cross-chain bridge integrated with Cork Protocol.

Within just 16 minutes of deployment, the attacker executed the contract and swiftly converted the stolen wrapped staked Ethereum (wstETH) into Ethereum (ETH). As of now, the stolen ETH remains in the attacker’s wallet and has not been transferred elsewhere.

Cork Protocol enables users to hedge against the risk of token depegging, covering various wrapped assets such as stablecoins, liquid staking tokens, and restaking tokens. One of the key markets it supports is the trading pair between wrapped staked Ethereum (wstETH) and wrapped Ethereum (weETH).

These wrapped tokens allow users to engage in DeFi activities that aren’t possible with the original native assets. However, this wrapping process introduces additional risks, including counterparty risk, vulnerabilities in smart contracts, and exposure to potential exploits. If a hack or rug pull occurs, the wrapped tokens may lose value compared to their native equivalents, potentially causing significant financial losses for holders.

To mitigate such risks, Cork Protocol offers depeg swaps, which users can purchase to protect their assets if their tokens fall below the expected peg. Besides the wstETH/weETH pair, the platform also provides securitization services for wETH/wstETH, sUSDS/USDe, and sUSDe/USDT pairs.

Share this article
Shareable URL
Leave a Reply

Your email address will not be published. Required fields are marked *

Read next
0
Share