The decentralized finance (DeFi) ecosystem continues to face significant security challenges, as evidenced by a recent breach affecting Cork Protocol. The platform, designed to facilitate the tokenization and trading of de-peg risks within the crypto space, was targeted in an exploit that resulted in the theft of approximately $12 million in digital assets. This incident prompted an immediate response from the Cork Protocol team, leading to the temporary suspension of all trading markets while an extensive investigation is underway.
Details of the Security Incident
The security breach occurred on May 28, 2025. According to initial reports, an attacker exploited a vulnerability within Cork Protocol’s smart contracts, specifically targeting the wstETH:weETH market. The malicious contract involved in the exploit was reportedly deployed around 11:23 UTC. Within minutes of its deployment, the attacker successfully leveraged the vulnerability, siphoning off a substantial amount of crypto assets.
The exact amount stolen was 3761.87 wstETH, which the perpetrator subsequently converted into Ethereum (ETH). Blockchain analytics firms, including Cyvers and SlowMist, were among the first to flag the incident, confirming the exploit’s details. Cyvers noted the swift nature of the attack, highlighting the short window between the contract’s deployment and the actual exploit.
Response and Investigation
Following the breach, Cork Protocol’s founder, Phil Vogel, publicly acknowledged the incident, assuring stakeholders that more information would be released as the investigation progresses. While the initial exploit primarily impacted the wstETH:weETH market, the development team took proactive measures by pausing all other Cork markets as a precaution to prevent further unauthorized activity.
The stolen funds have been tracked by experts, including MistTrack, and their current location on the blockchain (as observed via Etherscan) suggests the perpetrator has not yet laundered the stolen assets. The team’s immediate priority remains a thorough investigation to understand the full scope of the attack and implement necessary security enhancements.
There was a security incident affecting the wstETH:weETH market at 11:23 UTC today.
All other Cork markets have been paused as a precaution, and no other markets have been impacted.
We are actively investigating the situation and will continue to provide updates as more details…
— Cork Protocol (@Corkprotocol) May 28, 2025
About Cork Protocol
Cork Protocol officially launched in March 2025, positioning itself as an innovative platform within the DeFi landscape. Its core offering allows users to tokenize and trade risks associated with the de-pegging of various crypto assets, providing a unique financial instrument for managing volatility in decentralized markets.
The project had previously secured a funding round in September 2024, attracting support from prominent investors such as OrangeDAO, IDEO CoLab Ventures, and over 20 other angel investors and venture capital firms. While the exact amount of the funding round was not disclosed, the backing from such entities underscored confidence in the platform’s vision and potential prior to this security incident. The current focus remains on resolving the exploit and restoring user trust.
Maxwell Reed is the first editor of Cryptovista360. He loves technology and finance, which led him to crypto. With a background in computer science and journalism, he simplifies digital currency complexities with storytelling and humor. Maxwell began following crypto early, staying updated with blockchain trends. He enjoys coffee, exploring tech, and discussing finance’s future. His motto: “Stay curious and keep learning.” Enjoy the journey with us!