Thief Converts 12 Million Dollars Worth of Crypto from Cork Protocol Breach to Ethereum
On May 28, 2025, the decentralized finance (DeFi) platform Cork Protocol experienced a significant security breach, resulting in the theft of approximately $12 million worth of crypto assets. The stolen assets were 3,761.87 wrapped staked Ether (wstETH).
Blockchain security company Cyvers Alerts identified the malicious activity that took place within the wstETH:weETH trading pair of the Cork Protocol. The attacker manipulated the exchange rate within this market, leading to the exploit.
The suspect's wallet was funded by another wallet address, 0x4771.762B, which is believed to be associated with a crypto service provider. Within 16 minutes and 45 seconds of the contract deployment, the attacker successfully exploited it.
Following the incident, Cork Protocol suspended all contracts and initiated an investigation to determine the cause of the breach. The team has promised to keep the community informed of the developments.
An incident of a similar nature occurred weeks earlier with a Solana DeFi protocol, leading to a loss of approximately $5.8 million.
It's worth noting that despite multiple audits, this vulnerability remained undetected. This highlights the sophistication or subtlety of the exploit. The attack exploited a weakness in how the protocol validated token authenticity or price feeds within the wstETH:weETH market.
The rapid conversion of the stolen wstETH into Ethereum after the attack was executed makes it challenging to track the funds' current whereabouts. The investigation is ongoing, and the Cork team is working with auditors, security professionals, tracing experts, and relevant authorities to recover the lost funds.
This incident underscores the ongoing security challenges in DeFi, particularly with wrapped token markets, and the need for more rigorous audits and security checks to ensure the safety of invested assets.
- Cyvers Alerts, a blockchain security company, identified the malicious activity that led to the $12 million crypto asset theft from the Cork Protocol, which was due to manipulation within the wstETH:weETH trading pair.
- The suspect's wallet, responsible for the Cork Protocol breach, was initially funded by another wallet address (0x4771.762B), suspected to be associated with a crypto service provider.
- Prior to the Cork Protocol incident, a Solana DeFi protocol experienced a similar loss of approximately $5.8 million weeks earlier.
- The rapid conversion of the stolen wstETH into Ethereum after the attack makes it difficult to trace the current location of the funds, emphasizing the need for more robust audits and security checks in DeFi, particularly with wrapped token markets, to maintain the safety of invested assets.