Cork Protocol Hacked for $12M, Smart Contracts Paused
Smart contract hacks and other cybersecurity exploits continue to be a significant issue for crypto and Web3 firms in 2025. The latest victim of this growing problem is Cork Protocol, a decentralized finance (DeFi) platform, which was hit by a smart contract exploit on May 28, resulting in the loss of roughly $12 million in digital assets.
Cyvers, a cybersecurity firm, reported that the hack occurred at 11:23:19 UTC and was funded by an address ending in “762B.” According to Cyvers, the attacker used the exploit to steal roughly 3,761 Wrapped Staked Ether (wstETH), which was converted to Ether (ETH) almost immediately after the attack.
"We are investigating a potential exploit on Cork Protocol and are pausing all contracts. We will report back with more information," said Phil Fogel, co-founder of Cork Protocol, in a statement on X.
A Growing Concern for Crypto Industry
The Cork Protocol exploit is the latest hacking incident to impact the crypto industry, which continues to grapple with cybersecurity issues that lower consumer confidence and prompt calls for improved security measures from crypto industry executives.
Related incidents include the $223 million heist on Cetus, a decentralized crypto exchange (DEX), which occurred just days before the Cork Protocol hack. The Cetus team announced a $6 million bounty for white hat hackers assisting in the return of the remaining stolen funds. Blockchain security firm Dedaub released a post-mortem report dissecting the incident details.
Post-Mortem Analysis: What Went Wrong
The Dedaub report revealed that the hack was caused by an exploit of the liquidity parameters used by the Cetus automated market maker (AMM). The hackers manipulated the field by altering values that went undetected in a most significant bits (MSB) check. This allowed them to add massive amounts of liquidity to the system with only a keystroke and drain other liquidity pools of hundreds of millions of dollars.
Changes to a binary code’s most significant bits dramatically alter the values produced by that binary code, making it nearly impossible for human eyes to detect without automated tools. This exploit highlights the importance of robust security measures and regular audits in smart contract development and deployment.
A Call for Action
The Cetus hack and other recent incidents like the Cork Protocol breach underscore the need for enhanced cybersecurity protocols in the crypto industry. While some argue that there is no shift in crypto security, others believe that these incidents will prompt a renewed focus on improving security measures.
"We can't keep relying on the 'it won't happen to me' mentality," said an industry executive, who wished to remain anonymous. "Cybersecurity is everyone's responsibility, and we need to take proactive steps to protect our users and their assets."