DeFi Platform Cork Protocol Attacked, Leading to $12 Million Loss and Forced to Suspend All Market Activities.
Cork Protocol, a decentralized financial platform specializing in depeg risk prevention, became a victim of a serious network attack on May 28, resulting in the loss of $12 million in digital assets. The incident forced the protocol to temporarily suspend all trading activities to prevent widespread damage.
According to alerts from blockchain security platform Cyvers, the attack was carried out by deploying a malicious smart contract on the Cork Protocol system. Data from Web3 Blockchain Insights shows that the attack wallet was funded from an intermediate address originating from the Whitebit exchange. The hackers stole 3,762 wstETH and quickly converted it to 4,530 ETH.
Cork Protocol confirmed the incident occurred in the wstETH:weETH market at 11:23 UTC, and announced: "All other Cork markets have been suspended to prevent risk spread, and no impact on other markets has been detected so far. We are actively investigating and will update information as progress is made."
Exchange Rate Calculation Mechanism Vulnerability Exploited
The Dedaub security research team identified the core cause of the attack as a vulnerability in the exchange rate calculation mechanism. Dedaub's report points out: "The attacker exploited this weakness by deploying fake tokens – a protocol containing logic that allows reverting to a default value, creating conditions for the attack to be executed."
Cork Protocol, launched in March 2024, is a pioneering DeFi platform that allows users to prevent and trade depeg risks – the phenomenon of pegged assets losing their fixed peg. The protocol is backed by reputable investment funds such as Andreessen Horowitz and OrangeDAO, and is considered innovative in developing the depeg risk insurance layer – a segment previously not fully explored in the DeFi space.
