DeFi platform Cork loses $13.8 million in wstETH; attacker uses a malicious contract

Cork Protocol, a decentralized finance (DeFi) platform, halted operations on one of its core trading markets after an exploit drained thousands of wrapped tokens (wstETH).
Blockchain security firm SlowMist first reported the incident on May 28, citing a possible smart contract vulnerability that allowed the attacker to withdraw 3,760 wstETH, worth millions of dollars, from the protocol.
Security alert: we discovered possible suspicious activity related to Cork Protocol. As always, stay vigilant!
Cork Protocol later confirmed the breach, classifying it as a “security incident” affecting the wstETH:weETH market.
There was a security incident affecting the wstETH:weETH market at 11:23 UTC today. All other Cork markets were paused as a preventive measure, and no other markets were affected. We are actively investigating the situation and we will continue to provide updates as more details
While no other markets on the platform were affected, the protocol's automated trading systems were halted as investigations into the cause of the exploit began.
Malicious contract drained tokens in less than 20 minutes
Initial analysis by Cyvers, a blockchain security company, indicates that the attacker used a malicious smart contract deployed by the address 0x4771…762b.
ALERT: Our system detected a $12 million smart contract involving Cork Protocol, which is possibly the victim. A malicious contract was deployed on May 28, 2025 at 11:23:19 UTC by 0x4771…762B (possibly a service provider). Only 16 minutes and 45 seconds
The funds likely originated from a service provider such as a decentralized exchange, a DeFi bridge or a liquidity pool built with Cork.
The contract was executed only 16 minutes after it was funded. It succeeded in converting the stolen wstETH into Ethereum (ETH), although the resulting ETH has not yet been transferred to other wallets or exchanged for stablecoins.
The speed of the exploit points to an automated contract vulnerability rather than human operational error, and the attacker may have relied on well-known code libraries or proxy upgrade mechanisms to launch the attack.
Investigations continue, but wider effects loom on the horizon
At the time of writing, Cork Protocol had not issued a timeline for reopening its paused contracts or restoring affected user balances.
Investigators are working to determine whether the flaw originated in Cork's codebase or in an integrated third-party application.
So far, no white-hat recovery attempts or communications with the attacker have been reported.
While no impact has been reported in other markets, the incident puts pressure on DeFi protocols that depend on wrapped token mechanisms.
The exploit also raises questions about the due diligence performed on smart contracts, especially those that interact with tokens and derivatives in a high-risk environment.
The exploit is part of a wider trend in 2025, as attackers target complex token infrastructure, especially infrastructure related to liquid staking.
These wrapped-asset ecosystems, although necessary for advanced DeFi activity, are increasingly prone to vulnerabilities because they depend on multiple layers of smart contract infrastructure.
If future audits do not uncover and address the underlying vulnerability, similar incidents may continue across protocols that offer depeg hedging products or other forms of token insurance.
The post "DeFi platform Cork loses $13.8 million in wstETH; attacker uses a malicious contract" first appeared on Invezz.