Security Breach in the DeFi Sector
In a significant breach of security within the decentralized finance (DeFi) sector, hackers have managed to siphon off approximately $12 million by exploiting a wrapped staked Ethereum contract associated with Cork Protocol. The attack was first brought to light on May 28 by cybersecurity firm SlowMist, which identified a critical vulnerability involving 3,760 wrapped staked Ethereum (wstETH) tokens.
Response to the Attack
In response to this exploit, Cork Protocol announced it was pausing all smart contracts while conducting an internal investigation. They released a statement acknowledging a “security incident” that directly impacted their wrapped staked Ethereum tokens as well as wrapped Ethereum tokens. Fortunately, the protocol asserted that no other markets on their platform experienced disruptions.
Details of the Exploit
As the investigation progressed, Cork Protocol assured users that updates would follow. Additionally, blockchain security experts from Cyvers disclosed that the attack was executed through a malicious contract mechanism funded by an address likely connected to a third-party service provider affiliated with the DeFi ecosystem. Within a mere 16 minutes of the contract’s activation, the attacker executed a trade, swapping the stolen wstETH for regular Ethereum. Notably, the stolen Ether has yet to be transferred to alternative wallets.
Cork Protocol’s Operations
Cork Protocol specializes in allowing its users to hedge against the risks of token depegging for various wrapped tokens, encompassing wrapped stablecoins and stake tokens. One of its major trading pairs, wstETH to weETH, represents a core market within their securitization framework.
While wrapped tokens facilitate advanced DeFi operations that are not achievable with their native counterparts, they also introduce various risks, including vulnerabilities tied to smart contracts, counterparty risks, and threats from potential exploits. In cases of hacking or scams, these wrapped tokens can significantly depreciate, creating substantial financial losses for the users involved.
To mitigate such risks, Cork Protocol provides depeg swaps for users to safeguard their investments. Beyond the wstETH to weETH pair, the platform also proposes securitized trades for wETH to wstETH, sUSDS to USDe, and sUSDe to USDT.
