Cork Protocol Halts Operations After $12M DeFi Exploit Targets wstETH

Cork Protocol, a relatively new player in the decentralized finance (DeFi) space, has temporarily paused all smart contracts following a security breach that resulted in the loss of approximately $12 million in crypto assets.

The exploit, which targeted wrapped staked Ethereum (wstETH), allowed an attacker to siphon off about 3,762 wstETH through a malicious contract, according to security researchers at Cyvers.

As of now, the stolen funds have only been converted into ETH, and there’s no indication yet that they’ve been distributed across multiple wallets—a common next step in laundering stolen crypto.

Phil Fogel, founder of Cork Protocol, acknowledged the breach on social platform X (formerly Twitter), saying the team is actively investigating.

“We are investigating a potential exploit on Cork Protocol and are pausing all contracts,” he wrote. “We will report back with more information.”

Cork Protocol launched in March 2025, offering a novel DeFi mechanism that lets users trade on the risk of asset depegging—a phenomenon where an asset’s market price drifts away from its intended fixed value. By allowing speculation on these discrepancies, Cork aimed to carve out a unique niche within the broader DeFi ecosystem.

The platform has garnered notable backing, including investments from a16z Crypto, OrangeDAO, and Steakhouse Financial. It also participated in the a16z Crypto Startup School’s CSX Fall 2024 cohort—an indicator of growing interest in its approach to risk-based DeFi trading.

The breach adds to a growing list of security challenges facing the DeFi industry, where novel financial mechanisms often run ahead of robust security vetting. It also highlights the need for continued vigilance as the space matures.

For now, all activity on Cork Protocol remains paused pending the outcome of the investigation.