
Another day, another decentralized finance (DeFi) platform hacked. On Wednesday morning, May 22, 2025, Cork Protocol suffered a major security breach, with hackers stealing more than $12 million worth of Ethereum in a single attack.
The platform, based in Delaware, confirmed that the breach occurred at exactly 11:23 UTC and targeted a specific trading pair: wstETH:weETH. Following the incident, Cork immediately paused all market activity as a precaution.
“There was a security incident affecting the wstETH:weETH market at 11:23 UTC today,” Cork said in a public statement. “All other Cork markets have been paused as a precaution, and no other markets have been impacted. We are actively investigating the situation and will continue to provide updates as more details become available. Thank you to our partners as we work through this.”
The company has not disclosed full details about how the hack occurred or the methods used by attackers. However, multiple blockchain security analysts and on-chain data firms confirmed that 4,530 ETH was drained during the attack. At the time of the breach, that amount was worth approximately $12.1 million.
What is the Cork Protocol?
Cork Protocol is a relatively new player in the DeFi space, but one that had started to gain serious traction. The platform describes itself as a risk management and pricing tool for DeFi users looking to hedge against depegging events. These are moments when a crypto asset, like a stablecoin or token designed to maintain a specific value, loses its peg due to market volatility or liquidity shocks.
Such events have become more common in recent years, particularly after the collapse of Silicon Valley Bank in 2023, which triggered widespread instability among dollar-pegged stablecoins. Cork sought to fill this gap by offering DeFi’s version of credit default swaps, a classic risk hedge in traditional finance.
The platform had received significant backing. Last year, Cork was one of the chosen projects in Andreessen Horowitz’s (a16z) Crypto Startup Accelerator. It also secured funding from a16z, one of the most well-known venture capital firms in Silicon Valley.
Growing Pattern of DeFi Exploits
The Cork hack is the latest in a string of security incidents shaking the confidence of DeFi investors and developers. It occurred just five days after Cetus, another decentralized exchange, was hit by a $223 million exploit. And earlier this year, Bybit, a major centralized platform, lost over $1.4 billion to attackers in one of the largest crypto thefts ever recorded.
These incidents reflect a troubling pattern for 2024 and 2025.
According to cybersecurity firm PeckShield, more than $3 billion has been stolen from crypto platforms in 2024 alone. That’s a 15% increase compared to the total losses recorded in 2023. The firm attributes the rise to a combination of:
- Increasing complexity of DeFi protocols
- Lack of robust auditing
- The rapid growth of newer, untested platforms
- Ongoing reliance on smart contracts with known vulnerabilities
DeFi is built on open-source code that is often copied and modified between projects. This makes it easy for skilled attackers to identify potential weaknesses, especially in smaller or fast-moving platforms that lack the resources for continuous audits.
Community Reaction and Next Steps
As of now, the Cork Protocol team has not announced a reimbursement plan or recovery strategy. The community is demanding transparency, with many investors and users on platforms like Twitter and Discord asking for updates.
Given Cork’s backing from Andreessen Horowitz, some are hopeful that the team may offer refunds or relaunch the protocol after a full security overhaul. However, the platform remains offline as of Thursday morning, and no timeline for resumption has been given.
Cork’s Discord server has been flooded with user concerns, while its support channels remain limited. On-chain analysts continue to monitor the wallet addresses linked to the hack in an effort to track the stolen ETH, though it is likely that the funds are already being laundered through mixers or moved to privacy-focused chains.
What This Means for DeFi Security
The Cork attack is a harsh reminder of the risks that continue to plague decentralized finance. While DeFi promises transparency, automation, and financial freedom, it remains highly vulnerable to exploits, flash loan attacks, and code-level bugs.
Despite rising investment in blockchain security tools and white-hat bounty programs, hackers still appear one step ahead. Most victims are left with little recourse, especially when platforms lack insurance mechanisms or legal protections.
The Cork case also highlights another critical issue: the growing concentration of value in complex token pairs, such as wrapped staking tokens like wstETH, and synthetic assets like weETH. These assets introduce layers of smart contract dependencies, which can create new vectors of attack if not properly stress-tested.
Lessons for Crypto Users
For everyday crypto users and DeFi investors, the Cork hack offers a few key lessons:
- Avoid overexposure to new protocols that have not undergone rigorous security audits.
- Diversify holdings across platforms and asset classes.
- Watch for platform responses after incidents; projects that communicate clearly and act swiftly tend to be more trustworthy.
- Be cautious with exotic token pairs or wrapped tokens unless you fully understand the mechanics behind them.
Final Thoughts
The $12 million Cork Protocol hack is another blow to DeFi’s reputation in 2025. Despite its promise and rapid growth, the industry still struggles with basic security infrastructure.
With billions lost year after year, investors are right to be concerned. However, the sector also continues to evolve, and each incident provides valuable lessons for both developers and users.
As the Cork team works to recover and investigate the breach, all eyes are on how they will respond, and whether they can rebuild trust in an increasingly skeptical DeFi market.