Hacker stole $12 million in cryptocurrency from Cork Protocol

An unknown attacker exploited a vulnerability in the smart contracts of the DeFi protocol Cork Protocol and withdrew $12 million in cryptocurrency, cybersecurity experts from Cyvers Alerts reported.

According to the data, a malicious contract was deployed on May 28, initiated by an address whose funding came from wallet 0x4771...762B, presumably belonging to a third-party service. Just 16 minutes and 45 seconds after its launch, the hacker managed to withdraw 3761.87 wstETH and immediately exchanged them for Ethereum. At the moment, the stolen funds remain at the receiving address and have not been moved.

The Cork team confirmed the incident and temporarily stopped all of their smart contracts to conduct an investigation. The developers said they were analyzing the incident and promised to provide more details later. The Cork protocol, which offers a solution for tokenizing the risks of depositing stablecoins, launched its mainnet in the Ethereum ecosystem on March 4 this year. At the launch of the project, such well-known companies as Lido Finance and Ethena Labs announced their partners.

It was previously reported that the decentralized exchange Cetus, built on the Sui blockchain , experienced a serious hacker attack, after which about $11 million in SUI tokens were stolen from the SUI/USDC liquidity pool.