Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
On May 28, SlowMist detected potential suspicious activity related to Cork Protocol. According to the SlowMist security team’s analysis, the root cause of the attack was the lack of strict validation on user-supplied data, allowing the protocol’s liquidity to be manipulated and transferred to unintended markets, which attackers then exploited to perform unauthorized redemptions and profit illegally. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 12,000,000.
- chain
- —
- protocol
- Cork Protocol
- bug_class
- access-control
- date_occurred
- 2025-05-28
- loss_usd
- $12,000,000
- source_id
- sm:cork-protocol::2025-05-28