On May 28, 2025, Cork Protocol, a decentralized finance platform, fell victim to a smart contract exploit, resulting in the theft of approximately $12 million worth of wrapped staked ether (wstETH).

The attack occurred at precisely 11:23:19 UTC, with the hacker utilizing an address ending in '762B' to steal around 3,761 wstETH.

Following the exploit, the stolen wstETH was converted to Ether (ETH) almost immediately, complicating recovery efforts.

In response to the incident, Cork Protocol paused all markets as a precaution and is currently investigating the cause of the exploit.

Cork Protocol co-founder Phil Fogel announced the decision to pause all contracts and confirmed that an investigation is underway.

This incident underscores ongoing cybersecurity challenges within the crypto industry, leading to decreased consumer confidence and renewed calls for enhanced security measures.

Sui validators took action to freeze most of the stolen funds, raising concerns about network centralization and the responsibilities of blockchain validators in such situations.

The exploit allowed hackers to add significant liquidity with a single keystroke, draining other liquidity pools of hundreds of millions of dollars.

A post-mortem report by blockchain security firm Dedaub revealed that the exploit was facilitated by flawed liquidity parameters, enabling the hackers to manipulate values undetected.

The exploit was identified by blockchain security monitor Cyvers, which suggested that the malicious contract may have been funded by a service provider's wallet.

Cork Protocol had previously attracted investments from notable firms such as a16z crypto and OrangeDAO in September 2024, highlighting its significance in the DeFi space.

In a related incident, the Cetus decentralized exchange was hacked just days earlier on May 22, 2025, resulting in losses totaling $223 million.