Cork Protocol Exploited for 3,762 wstETH ($12M), Converted to 4,530 ETH; Security Firms Detect Breach

Cork Protocol, an asset-pegged protocol backed by a16z CSX and Orange DAO, has suffered a major security breach resulting in losses estimated between $11 million and $12.1 million. The exploit was detected on May 28, 2025, with several blockchain security firms including CyversAlerts, Blockaid_, SlowMist, Hacken, Lookonchain, and Phalcon_xyz confirming suspicious activity and the attack.

A malicious contract was deployed on May 28, and the attack lasted 16 minutes and 45 seconds. The attacker exploited a vulnerability in the protocol's exchange rate computation by deploying fake tokens, which triggered fallback logic to a default value. This allowed the attacker to drain 3,762 wstETH, valued at approximately $12 million.

Following the breach, the stolen 3,762 wstETH was quickly converted into 4,530 ETH through multiple transactions. The Ethereum address associated with the attacker currently holds over 4,530 ETH, valued at more than $12 million.

Cork Protocol's co-founder, Phil Fogel, stated that an investigation is ongoing and all contracts have been paused to prevent further losses.

This is an AI-generated article powered by DeepNewz, curated by The Defiant. For more information, including article sources, visit DeepNewz.