The persistent shadow of cyberattacks continues to loom over the decentralized finance (DeFi) ecosystem in 2025, with the latest blow striking the Cork Protocol. On May 28, this DeFi platform became the victim of a sophisticated smart contract exploit, resulting in a significant loss of digital assets valued at approximately $12 million.
Cybersecurity analysts at Cyvers pinpointed the incident occurring precisely at 11:23:19 UTC. They traced the illicit activity to a blockchain address ending with “762B,” which orchestrated the attack by exploiting a vulnerability in Cork Protocol’s smart contracts. The attacker successfully siphoned around 3,761 Wrapped Staked Ether (wstETH), quickly converting the stolen tokens into Ether (ETH), trading at roughly $2,738 at the time.
Phil Fogel, co-founder of Cork Protocol, promptly addressed the crisis via social media, sharing that the team had paused all smart contracts to contain further damage. “We are investigating a potential exploit on Cork Protocol and are pausing all contracts. We will report back with more information,” Fogel assured the community.
This incident underscores the ongoing battle between innovation and security in the crypto space. Despite billions of dollars flowing into DeFi and other Web3 projects, vulnerabilities within smart contracts remain a recurring challenge, undermining user trust and triggering urgent calls from industry leaders to enhance cybersecurity defenses.
The Broader Context: DeFi Under Siege
The Cork Protocol breach is not an isolated case. Just days earlier, on May 22, another high-profile hack targeted Cetus, a decentralized exchange (DEX) operating on the Sui blockchain network. The attack resulted in a staggering $223 million loss, shaking the entire crypto community.
In response, Sui network validators took the extraordinary step of freezing the majority of stolen funds, igniting an intense debate around blockchain governance and the power of validators to intervene in decentralized networks during emergencies. This move highlighted the tension between decentralization ideals and pragmatic security measures.
Cetus has since offered a $6 million bounty for white hat hackers willing to help recover the remaining stolen assets, illustrating the growing reliance on ethical hackers in battling crypto crime.
Security firm Dedaub published a detailed post-mortem analysis of the Cetus hack, revealing the exploit stemmed from manipulated liquidity parameters within the platform’s automated market maker (AMM). The attackers altered critical values by bypassing checks on the “most significant bits” (MSB) of binary data — a subtle yet powerful form of code manipulation.
By changing these MSB values, the hackers were able to artificially inflate liquidity pools with minimal effort, enabling them to drain other pools of hundreds of millions of dollars. This sophisticated attack demonstrated how even small oversights in smart contract design could lead to massive financial consequences.
Why These Hacks Matter and What Comes Next
The Cork Protocol and Cetus hacks highlight a troubling trend for DeFi projects in 2025. While the technology promises transparency, efficiency, and democratization of finance, the underlying smart contracts and network governance structures are often complex and prone to subtle coding flaws or insider threats.
For users, these incidents serve as stark reminders to exercise caution and remain vigilant. It’s crucial to keep up with platform announcements, enable security features like two-factor authentication, and be wary of unusually large or rapid withdrawals or transactions.
For developers and crypto enterprises, these breaches are a call to double down on security audits, employ rigorous code verification methods, and incorporate real-time monitoring systems that can detect and halt suspicious activity before irreparable damage occurs.
Furthermore, the evolving debate around validator intervention in blockchain networks, sparked by actions like the Sui freeze, raises important questions about the balance between decentralization and security. It remains to be seen whether future solutions will favor absolute decentralization or accept some degree of centralized control to protect users.
Final Thoughts
As the crypto sector continues its rapid evolution in 2025, the race between hackers and defenders intensifies. The Cork Protocol’s $12 million loss and the Cetus $223 million hack are painful but instructive chapters in the ongoing story of DeFi’s maturation. The hope is that increased transparency, stronger community vigilance, and advanced security measures will help make decentralized finance a safer and more resilient frontier for all participants
