On May 28, 2025, the Cork Protocol platform faced a hack, resulting in the attacker withdrawing crypto assets worth $12 million. The project team halted all markets during the investigation of the incident.
The fact of the hack was also confirmed by Cork Protocol founder Phil Vogel. According to him, the team will publish details soon.
Experts from Cyvers and SlowMist were among the first to report the incident. According to Cyvers, the malicious contract was deployed by the service provider around 11:23 UTC. Sixteen minutes later, the attacker exploited the vulnerability.
He withdrew 3761.87 wstETH, which he converted into Ethereum. MistTrack experts tracked his address. According to Etherscan data, the crypto assets are still with him; the hacker did not manage to launder the stolen funds.
The Cork Protocol team noted that the malicious contract only affected the wstETH:weETH market. However, the developers decided to suspend the operation of other contracts during the investigation of the incident.
The platform was launched in March 2025. It offers users the ability to tokenize and trade risks associated with the de-pegging of crypto assets.
In September 2024, the project closed a funding round without disclosing the amount. It was supported by OrangeDAO, IDEO CoLab Ventures, and more than 20 other investors, including business angels.