Hackers recently targeted a wrapped staked Ethereum contract, resulting in the theft of tokens valued at approximately $12 million. The decentralized finance platform Cork Protocol was the victim of this exploit, which was brought to light by security firm SlowMist on May 28.
After identifying a potential vulnerability in the smart contract related to 3,760 wrapped staked Ethereum (wstETH) tokens, Cork Protocol took immediate action by pausing all contracts. The platform confirmed a security incident involving the wstETH and wrapped Ethereum tokens, reassuring users that no other markets were impacted. The team is actively investigating the situation and pledged to provide updates as they become available.
Cyvers, a blockchain security firm, revealed that the attacker deployed a malicious contract funded by an address believed to be associated with a service provider used by Cork Protocol. Within a short span of 16 minutes, the attacker executed the malicious contract and swiftly exchanged the stolen wstETH for Ethereum. At present, the stolen ETH has not been transferred to other wallets.
Cork Protocol offers users the ability to hedge against the risk of token depegging through various assets like wrapped stablecoins, liquid staking, and restaking tokens. The wstETH to weETH trading pair plays a crucial role in the protocol’s operations.
Despite the benefits of wrapped tokens for enabling DeFi activities that are not feasible with native assets, they also introduce additional risks such as counterparty risk, smart contract vulnerabilities, and potential exploits. In the event of a hack or rug pull, the value of a wrapped token may decrease significantly compared to its unwrapped counterpart, resulting in substantial losses for users.
In response to these risks, Cork Protocol allows users to purchase depeg swaps to safeguard their assets in case they deviate from their peg. In addition to the wstETH to weETH pairing, the platform supports securitization for other assets like wETH to wstETH, sUSDS to USDe, and sUSDe to USDT.
The incident serves as a reminder of the importance of robust security measures in the DeFi space and the need for constant vigilance to protect user funds from potential exploits and attacks. Cork Protocol’s swift response to the security breach underscores the significance of proactive risk management in the ever-evolving landscape of decentralized finance.