In a stark reminder of the ongoing vulnerabilities in the decentralized finance (DeFi) space, two major platforms—Cork Protocol and Cetus DEX—have been hit by severe exploits within a span of just six days, resulting in the combined loss of over $235 million in digital assets.
Cork Protocol Exploited for $12 Million
At exactly 11:23:19 UTC on May 28, blockchain security firm Cyvers reported a smart contract exploit targeting Cork Protocol, a rising name in the DeFi ecosystem. The attack led to the loss of approximately 3,761 Wrapped Staked Ether (wstETH), valued at around $12 million at the time. The stolen assets were rapidly converted to Ether (ETH), highlighting the attacker’s intent to quickly obfuscate and move funds.
The exploit was traced back to a wallet address ending in “762B”, which appears to have specifically funded the operation. While details of the vulnerability are still emerging, Cork Protocol’s co-founder Phil Fogel has confirmed that all contracts have been paused while investigations continue.
“We are investigating a potential exploit on Cork Protocol and are pausing all contracts. We will report back with more information.”
— Phil Fogel, Co-founder, Cork ProtocolCetus DEX Hack: $223 Million Vanished
Just days before the Cork incident, Cetus, a decentralized exchange built on the Sui network, suffered an even larger exploit—losing a staggering $223 million. The hack took advantage of a flaw in the exchange’s automated market maker (AMM) code, specifically by manipulating liquidity parameters through a most significant bits (MSB) exploit.
In layman’s terms, the hackers were able to trick the system’s binary code by altering the most crucial bits of data, thereby injecting massive amounts of fake liquidity. This opened the doors for the attacker to drain existing liquidity pools in a matter of minutes.
Sui network validators quickly intervened, freezing a majority of the stolen assets—sparking debate about the line between decentralization and emergency response centralization. Meanwhile, the Cetus team has offered a $6 million bounty to any white-hat hackers willing to help recover the funds.
DeFi’s Ongoing Security Crisis
These back-to-back attacks are part of a larger trend. According to security experts, the crypto industry saw $357 million lost to hacks just in April 2025. With consumer trust eroding and regulatory pressure increasing, industry leaders are once again calling for stronger security standards, robust auditing processes, and smarter contract design.
“There’s been no real shift in crypto security. Teams are still making the same mistakes,”
— Dmitry Budorin, CEO of Hacken
