In a brazen and swift cyberattack, decentralized finance platform Cork Protocol suffered a major exploit today, losing an estimated $12 million worth of crypto assets.

The criminals seized 3,761.87 wstETH (Wrapped Staked Ether), a digital asset created with liquid staking, reminding us again how dangerous DeFi can be.

The issue was discovered by blockchain security firm Cyvers Alerts, which spotted the exploit as it occurred. They found that the malicious contract was funded from wallet address 0x4771.762B, which is associated with a known crypto service provider.

Cork Protocol Suffers Major DeFi Exploit, $12M Lost

Cork Protocol Suspends All Smart Contracts

Just 16 minutes and 45 seconds after deploying the contract, the attacker carried out the exploit and immediately stole the wrapped assets at speed. As soon as the wstETH was taken, it was unwrapped and used to generate the same amount of ETH.

At the time of writing, the funds are still in the original exploiter’s wallet and have not been divided or moved out yet. As soon as the breach was known, Cork Protocol deactivated all existing contracts to prevent additional harm and notified everyone about what happened.

“The exploit is receiving our full attention and we are doing our best to keep user assets safe. We will keep sharing more information as we gather a better understanding of the whole event,” the team said through their official channels.

It proves that the DeFi sector remains exposed to risk, mostly because many staking and wrapping processes are still easy targets for advanced attacks. With so many valuable exploits this year, more people are worrying about the safety and reliability of contracts and related providers.

While blockchain investigators continue following the money, users of the Cork Protocol are recommended to be cautious and await instructions from the responsible team.