Cork Protocol Hack - May 2025 ($12M)
Overview
In May 2025, Cork Protocol, a protocol designed to hedge against the risks associated with depegging, was the victim of a $12 million hack. The protocol was compromised by an exploit on May 28, 2025, at 11:39:47 UTC.
What is Cork Protocol?
Cork Protocol is a decentralized insurance platform designed to tokenize risks associated with depegging events of stablecoins, liquid staking, and restaking assets. The protocol is backed by a16z and OrangeDAO.
Attack Mechanism
The exploit involved a sophisticated multi-step attack:
1. Token Creation: The attacker tricked the protocol's smart contracts into accepting fake tokens and exploited vulnerabilities in its rate calculations.
2. Fake Market Setup: The attacker took advantage of a dangerous oversight: the protocol lacked validation for key parameters, especially within a function known as CorkCall. This allowed them to use legitimate tokens from one market and inject them into a maliciously crafted fake market. By cleverly creating a new fake market and setting their contract as the Exchange Rate Provider, the attacker was able to mint fake DS and CT tokens.
3. Access Control Flaw: At the core of the exploit was a flaw in the Cork Hook's access control, which ultimately granted the attacker unauthorized access to privileged functions within the FlashSwapRouter.
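The following added example, which is not Cork Protocol's code, shows in Solidity the checks whose absence the steps above describe: a restricted Exchange Rate Provider, validation of market parameters, and caller authentication on the hook callback. All contract, function and variable names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration: every name here is hypothetical, not Cork Protocol's code.
contract GuardedMarkets {
    struct Market {
        address redemptionAsset; // RA backing the market
        address rateProvider;    // contract that reports the exchange rate
        bool exists;
    }

    address public immutable admin;
    address public immutable poolManager; // only caller allowed to invoke hook callbacks
    mapping(bytes32 => Market) public markets;
    mapping(address => bool) public approvedRateProvider;
    mapping(address => bool) public isMarketToken; // DS/CT tokens issued by existing markets

    error Unauthorized();
    error BadParameter();

    constructor(address poolManager_) {
        admin = msg.sender;
        poolManager = poolManager_;
    }

    /// Admin vets rate providers and records the DS/CT tokens a market issues.
    function setRateProvider(address provider, bool ok) external {
        if (msg.sender != admin) revert Unauthorized();
        approvedRateProvider[provider] = ok;
    }

    function recordMarketToken(address token) external {
        if (msg.sender != admin) revert Unauthorized();
        isMarketToken[token] = true;
    }

    /// Market creation: reject unvetted rate providers, and reject a token
    /// issued by an existing market being reused as the new market's RA.
    function createMarket(address ra, address rateProvider) external returns (bytes32 id) {
        if (!approvedRateProvider[rateProvider]) revert BadParameter();
        if (ra == address(0) || isMarketToken[ra]) revert BadParameter();
        id = keccak256(abi.encode(ra, rateProvider));
        if (markets[id].exists) revert BadParameter();
        markets[id] = Market(ra, rateProvider, true);
    }

    /// Hook callback: authenticate the caller first, then confirm that the
    /// caller-supplied market id and token actually belong together.
    function onSwapCallback(bytes32 marketId, address token) external view returns (bool) {
        if (msg.sender != poolManager) revert Unauthorized();
        Market storage m = markets[marketId];
        if (!m.exists || token != m.redemptionAsset) revert BadParameter();
        return true;
    }
}
```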
Funds Stolen
Redeeming the fake DS and CT tokens for the RA allowed the attacker to drain roughly 3,761 Wrapped Staked Ether (wstETH) from the contract, which they converted to $12 million in Ether (ETH) almost immediately after the attack.
Response
Upon detecting the abnormal transaction pattern, Cork Protocol immediately paused all smart contracts to contain the breach, and all markets were paused as a precaution. The platform's team also assured users that other trading pairs and markets remained unaffected.