Hacker Exploits Vulnerability in Cork Protocol, Stealing $12 Million in Crypto

A malicious actor exploited a vulnerability in the smart contracts of the DeFi protocol Cork Protocol and stole $12 million in cryptocurrency, as reported by Cyvers Alerts.

On May 28, the hacker deployed a malicious contract. In less than 17 minutes, they withdrew 3,761.87 wstETH and immediately exchanged it for Ethereum. The stolen funds have not yet been moved.

The Cork team acknowledged the incident and has paused all contracts. Developers are currently investigating the matter and have promised to provide more details later.

The project, which offers a tool for risk tokenization linked to de-pegging, launched its mainnet on Ethereum on March 4. Launch partners included Lido Finance and Ethena Labs.

Additionally, it is worth noting that on May 22, attackers targeted the DEX pools of Cetus on the Sui network. The Cetus platform team offered the hacker $6 million in exchange for the return of 20,920 ETH.

Analysts from Dedaub clarified that the hack was due to a vulnerability in the liquidity parameter checks of the automated market maker.

Subsequently, Sui validators approved a recovery plan for $162 million belonging to Cetus users. The voting process will conclude on June 3.