A hacker exploited a vulnerability in the smart contracts of the DeFi protocol Cork Protocol, stealing $12 million in cryptocurrency, according to Cyvers Alerts specialists.
?ALERT?Our system has identified a $12M smart contract exploit, with @CorkProtocol potentially the victims.
A malicious contract was deployed on May 28, 2025 at 11:23:19 UTC by an address funded by 0x4771…762B (likely a service provider).
Just 16 minutes and 45 seconds… pic.twitter.com/72ScizbJPZ— ? Cyvers Alerts ? (@CyversAlerts) May 28, 2025
On May 28, the hacker deployed a malicious contract. In less than 17 minutes, they withdrew 3761.87 wstETH and immediately exchanged them for Ethereum. The stolen funds have not yet been moved.
The Cork team confirmed the incident and suspended all contracts. Developers are investigating and promised to provide details later.
We are investigating a potential exploit and are pausing all contracts. We will report back with more information as soon as possible.
— Cork Protocol (@Corkprotocol) May 28, 2025
The project, which offers a tool for tokenizing depeg risk, launched its mainnet on the Ethereum network on March 4. Launch partners included Lido Finance and Ethena Labs.
? Cork has launched its beta on Ethereum Mainnet!
We’re introducing a new DeFi primitive that tokenizes the risk of depeg events.
With our key launch partners @lidofinance, @ether_fi, @ethena_labs, and @skyecosystem, Cork is initiating a new phase of DeFi defined by more… pic.twitter.com/EmdPCdDnmT
— Cork Protocol (@Corkprotocol) March 4, 2025
Earlier in May, attackers targeted the DEX Cetus pools on the Sui network. The platform team offered the hacker $6 million for the return of 20,920 ETH.
Dedaub specialists explained the breach as a vulnerability in the liquidity parameter checks of the automated market maker.
Subsequently, Sui validators approved a plan to recover $162 million for Cetus users. The vote will conclude on June 3.