DeFi platform Cork Protocol has suffered a major security breach due to a smart contract exploit, resulting in the theft of around $12 million of digital assets.
Blockchain security firm SlowMist first flagged the exploit, which was later confirmed by Cork Protocol founder Phil Fogel on X.
Cork Protocol has paused all smart contracts and trading on the platform as a precautionary measure as it investigates the breach.
This story is an excerpt from the Unchained Daily newsletter
To get these updates in your email for free, subscribe here.
The attacker appears to have targeted the wstETH:weETH trading pair, draining about 3,761 Wrapped Staked Ether (wstETH) from the protocol’s liquidity pool in just 17 minutes, according to analysis by blockchain security firm Cyvers.
The stolen wstETH was then rapidly converted into ETH, making the funds difficult to trace.
“Fake tokens were used to manipulate the exchange rate which led to the exploit,” said CD Security founder and smart contract researcher Dimitar Dimitrov. “Unfortunately, 4 audits (2 of which were contests) were not enough to discover the vulnerability.”
The content is for reference only, not a solicitation or offer. No investment, tax, or legal advice provided. See Disclaimer for more risks disclosure.
Cork Protocol Theft Costs It $12M - Unchained
DeFi platform Cork Protocol has suffered a major security breach due to a smart contract exploit, resulting in the theft of around $12 million of digital assets.
Blockchain security firm SlowMist first flagged the exploit, which was later confirmed by Cork Protocol founder Phil Fogel on X.
Cork Protocol has paused all smart contracts and trading on the platform as a precautionary measure as it investigates the breach.
This story is an excerpt from the Unchained Daily newsletter
To get these updates in your email for free, subscribe here.
The attacker appears to have targeted the wstETH:weETH trading pair, draining about 3,761 Wrapped Staked Ether (wstETH) from the protocol’s liquidity pool in just 17 minutes, according to analysis by blockchain security firm Cyvers.
The stolen wstETH was then rapidly converted into ETH, making the funds difficult to trace.
“Fake tokens were used to manipulate the exchange rate which led to the exploit,” said CD Security founder and smart contract researcher Dimitar Dimitrov. “Unfortunately, 4 audits (2 of which were contests) were not enough to discover the vulnerability.”