On May 28, hackers breached the tokenized risk protocol Cork Protocol’s platform and made off with $12 million in digital assets. According to an alert shared by the blockchain security services platform Cyvers, the attackers executed the breach moments after deploying a malicious contract.

Web3 data platform Blockchain Insights said that its preliminary investigation showed that the exploiter was funded by an upstream address, which was in turn funded via a withdrawal from a wallet on the cryptocurrency exchange Whitebit. After siphoning 3,762 wstETH, the hacker immediately converted 4,530 ETH.

Following the attack, the tokenized risk protocol issued a statement acknowledging the incident and announcing a pause on Cork markets.

“There was a security incident affecting the wstETH:weETH market at 11:23 UTC today. All other Cork markets have been paused as a precaution, and no other markets have been impacted. We are actively investigating the situation and will continue to provide updates as more details become available. Thank you to our partners as we work through this,” Cork Protocol stated.

Launched in March 2024, Cork Protocol has operated a decentralized finance (DeFi) platform that allows users to hedge and trade the risk of “depeg” events for pegged crypto assets. Backed by Andreessen Horowitz and OrangeDAO, the protocol’s approach to pricing and hedging depeg risk was seen as innovative, building out a layer of risk management that was previously underdeveloped in the decentralized space. It is not clear how the hacking incident is set to impact its operations or dented its reputation.

Meanwhile, an investigation by Dedaub identified the exchange rate computation as the root cause of the breach. It added that “the attacker manipulated this by deploying fake tokens—the protocol contained logic to revert to a default value.”

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。