Losses exceed 10 million USD, analysis of the Cork Protocol hacking incident

Author: Kong & Lisa

Editor: Liz

Background

On May 28, SlowMist detected potentially suspicious activity related to Cork Protocol and issued a security alert, advising users to remain vigilant and pay attention to the security of their accounts and funds.

![Loss of over 10 million USD, Analysis of Cork Protocol Hacking Incident](https://img.gateio.im/social/moments-cefaf15fd34fb53304996818fcc8c598)

Not long after, Cork Protocol released a statement saying: "Today at 11:23 UTC, a security incident occurred in the wstETH:weETH market. To prevent the risk from expanding, Cork has suspended all other market transactions, and currently, no other markets are affected. The team is actively investigating the cause of the incident and will continue to update on related progress."

![Losses Exceeding Ten Million USD, Analysis of the Cork Protocol Hacking Incident](https://img.gateio.im/social/moments-b6c961ae39e4375d9e4e908dc9e9d653)

After the incident, the SlowMist security team began its analysis immediately. Below is a detailed analysis of the attack method and the path of the stolen funds.

Prerequisite Knowledge

Cork Protocol brings to the DeFi ecosystem a tool similar to credit default swaps in traditional finance: Depeg Swaps, used specifically to hedge the depeg risk of stablecoins, liquid staking tokens, RWA, and other pegged assets. Its core mechanism lets users transfer the price volatility risk of stablecoins or LST/LRT to other market participants by trading risk derivatives, thereby reducing risk and improving capital efficiency. The key concepts are as follows:

RA (Redemption Asset): The benchmark asset used for redemption or settlement of depeg events in a Cork market (for example, ETH in the ETH::stETH market).

PA (Pegged Asset): An asset that carries depeg risk. It aims to hold its peg to the RA but may deviate from the pegged exchange rate because of market fluctuations, protocol risks, and other factors (for example, stETH in the ETH::stETH market).

DS (Depeg Swap): The core derivative issued by the Cork protocol, used to hedge against depeg risk and essentially similar to a credit default swap (CDS) in traditional finance. Users can purchase these tokens to protect themselves against depeg risk.

CT (Cover Token): A derivative paired with DS, used to take on depeg risk and earn yield, similar to the role of the seller in a CDS; if a depeg occurs, the holder bears the losses.

Exchange Rate: A core parameter that measures the value relationship between PA and RA, directly affecting how depeg events are determined and how derivative trades are settled. Currently, the Cork protocol allows users to create markets using a custom Exchange Rate Provider.

Cork Vault: Automates the management of liquidity across terms to improve capital efficiency.

Peg Stability Module (PSM): Responsible for minting and burning DS and CT, setting market terms, and dynamically adjusting prices through an AMM. It allows users to make the following exchanges:

PA + DS = RA

CT + DS = RA

Root Cause

The root cause of this attack is twofold. First, Cork allows users to create a market with any asset as the Redemption Asset (RA) through the CorkConfig contract, which let the attacker use DS as RA. Second, any user can call the beforeSwap function of the CorkHook contract without authorization and pass in custom hook data for CorkCall operations, which let the attacker manipulate DS from the legitimate market, deposit it into another market as RA, and obtain the corresponding DS and CT tokens.

Attack Analysis

The attacker first bought weETH8CT-2 tokens with wstETH on the legitimate market, so that they could later be combined with DS tokens to redeem wstETH, the market's RA.

Subsequently, the attacker created a new market and used a custom Exchange Rate provider. This market was created using the weETH8DS-2 token as RA and wstETH as PA, so the key tokens of the new market correspond as follows:

RA: weETH8DS-2

PA: wstETH

CT: wstETH5CT-3

DS: wstETH5DS-3

The key tokens corresponding to the market where weETH8DS-2 is located are as follows:

RA: wstETH

PA: weETH

CT: weETH8CT-2

DS: weETH8DS-2

![Loss of over ten million USD, analysis of the Cork Protocol hacking incident](https://img.gateio.im/social/moments-6d40df3c5df842bffe4050ced817e4f7)

After creating a new market, the attacker adds a certain amount of liquidity to the market so that the protocol can initialize the corresponding liquidity pool in Uniswap v4, allowing CorkHook to execute beforeSwap in this pool later.

![Losses Exceeding Ten Million USD, Analysis of the Cork Protocol Hacking Incident](https://img.gateio.im/social/moments-7ca8b4288d35bf23f9c295a2bd3f1f75)

Next, the most critical point is that as long as the conditions for unlocking in the Uniswap V4 Pool Manager are met, any user can invoke the beforeSwap function of CorkHook with any parameters to manipulate the market liquidity of the protocol. Therefore, an attacker can call the beforeSwap function of CorkHook through the unlockCallback feature at the time of unlocking in the Uniswap V4 Pool Manager and pass in their custom market and hook data.

![Losses Exceeding Ten Million Dollars, Analysis of Cork Protocol Hacking Incident](https://img.gateio.im/social/moments-688b3bf9affc00d9ad7c64ec4ab296e6)

beforeSwap then calls the legitimate market's CorkCall function to execute the specified hook data:

![Loss of over ten million dollars, analysis of the Cork Protocol hacking incident](https://img.gateio.im/social/moments-0763176bfe56c27887b0f72f268d2fcb)

CorkCall trusts the data passed in from the legitimate upstream CorkHook and parses and executes it directly:

![Loss of over ten million dollars, analysis of the Cork Protocol hacking incident](https://img.gateio.im/social/moments-d0bfe5524c9504398f0bd738d19b2dc5)

This allows attackers to transfer a specified amount of weETH8DS-2 tokens from a legitimate market into a new market they create as RA by constructing hook data, and to obtain the corresponding CT and DS tokens of the new market.

![Loss over ten million dollars, analysis of the Cork Protocol hacking incident](https://img.gateio.im/social/moments-b4bf5fab8b089296045c68eb6268e7f7)

According to the characteristics of PSM, attackers can use the obtained CT and DS tokens to redeem RA tokens in the new market, namely the weETH8DS-2 token.

![Losses Exceeding Ten Million USD, Analysis of the Cork Protocol Hacking Incident](https://img.gateio.im/social/moments-3f812558f1fd9c4179d40405842a6e8f)

After obtaining the weETH8DS-2 token, the attacker can match it with the previously purchased weETH8CT-2 token to redeem wstETH tokens in the original market.

![Loss of over ten million dollars, analysis of the Cork Protocol hacking incident](https://img.gateio.im/social/moments-6ea12d04829717206583dd81b158c287)

In this way, the attacker exploited the market's lack of restrictions on Redemption Asset types and the protocol's failure to verify the caller of CorkHook.beforeSwap and the incoming data, enabling them to transfer DS liquidity from a legitimate market into another market as RA for redemption, and thereby steal liquidity from any market.

MistTrack Analysis

According to the analysis by the on-chain anti-money laundering and tracking tool MistTrack, the attacker address 0xea6f30e360192bae715599e15e2f765b49e4da98 profited 3,761.878 wstETH, worth over 12 million dollars.

Subsequently, the attacker converted the wstETH into 4,527 ETH through 8 transactions:

![Loss exceeds ten million dollars, analysis of the Cork Protocol hacking incident](https://img.gateio.im/social/moments-57a7c898ed2702ba6415a3119699cbae)

In addition, the initial funds of the attacker came from 4.861 ETH transferred from Swapuz.com.

![Loss of over ten million dollars, analysis of the Cork Protocol hacking incident](https://img.gateio.im/social/moments-9b30cb058d123b05bb0cbc5ae71157a4)

As of now, a total of 4,530.5955 ETH remains on the attacker's address, and we will continue to monitor the funds.

![Loss exceeding ten million dollars, Analysis of the Cork Protocol hacking incident](https://img.gateio.im/social/moments-14f507331b58d057ccc3213592cf8cd3)

Summary

The root cause of this attack lies in the failure to strictly verify whether user-supplied data meets expectations, which allowed the protocol's liquidity to be manipulated and transferred to unintended markets, enabling the attacker to redeem it illegitimately and profit. The SlowMist Security Team advises developers to carefully verify during the design process that each operation of the protocol behaves as expected, and to strictly limit the types of assets allowed in a market.
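
The checks recommended above can be expressed as a small model that replays the two steps the analysis depends on, with and without the guards. This is an added example, not Cork Protocol's Solidity code: the class, the token names formed as `<market>-DS` and `<market>-CT`, the addresses `POOL_MANAGER` and `UNTRUSTED`, and the rule that hook data may act only on the market bound to the calling pool are assumptions made for illustration.

```python
from dataclasses import dataclass, field

class Rejected(Exception):
    """A guard refused the operation."""

@dataclass
class Protocol:
    pool_manager: str                               # only address allowed to drive hook callbacks
    derivatives: set = field(default_factory=set)   # every DS/CT token the protocol has issued
    pools: dict = field(default_factory=dict)       # pool id -> market the pool was created for

    def create_market(self, market, ra, pa, hardened=True):
        # Guard 1: a protocol-issued DS/CT may not back another market as RA or PA.
        if hardened and {ra, pa} & self.derivatives:
            raise Rejected("RA/PA is a protocol-issued derivative")
        self.derivatives |= {f"{market}-DS", f"{market}-CT"}
        self.pools[f"pool:{market}"] = market
        return market

    def before_swap(self, caller, pool, hook_market, hardened=True):
        # Guard 2: the hook entry point is callable by the pool manager only.
        if hardened and caller != self.pool_manager:
            raise Rejected("caller is not the pool manager")
        # Guard 3 (assumed policy): hook data may act only on the market bound to this pool.
        if hardened and self.pools.get(pool) != hook_market:
            raise Rejected("hook data targets another market")
        return ("executed", hook_market)

def replay(hardened):
    """Run the two steps the analysis depends on; report how each is handled."""
    p = Protocol(pool_manager="POOL_MANAGER")
    p.create_market("weETH8", "wstETH", "weETH", hardened)   # legitimate market (constructed names)
    steps = (
        lambda: p.create_market("wstETH5", "weETH8-DS", "wstETH", hardened),
        lambda: p.before_swap("UNTRUSTED", "pool:wstETH5", "weETH8", hardened),
    )
    results = []
    for step in steps:
        try:
            step()
            results.append("accepted")
        except Rejected as err:
            results.append(f"rejected: {err}")
    return results

if __name__ == "__main__":
    print("unguarded:", replay(hardened=False))
    print("guarded:  ", replay(hardened=True))
```
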
