Cork Protocol was attacked by a hacker, resulting in a loss of over $12 million.
On May 28, a decentralized finance platform was hacked, resulting in a loss of over $12 million in funds. The incident shows that DeFi projects still have security vulnerabilities.
On the day of the incident, a security company was the first to detect suspicious activity related to the platform and issued a security warning. The platform then announced officially that a security incident had occurred in its wstETH:weETH market and that, to prevent further risk, it had suspended trading in all other markets.
This platform aims to provide functionalities similar to credit default swaps in traditional finance, specifically for hedging the de-pegging risks of stablecoins, liquid staking tokens, and other pegged assets in the DeFi ecosystem. Users can transfer the price fluctuation risks of stablecoins or LST/LRT to market participants through trading risk derivatives, thereby reducing risks and enhancing capital efficiency.
According to security experts' analysis, the attack had two root causes:
1. The platform allows users to create markets with any asset as the redemption asset (RA), which let the attacker use the derivative token DS as an RA.
2. Any user can call a specific contract function without authorization and pass in custom data, which let the attacker cause DS from a legitimate market to be deposited into another market as its RA and obtain the corresponding tokens.
The attacker first purchased the weETH8CT-2 token on a legitimate market, and then created a new market with the weETH8DS-2 token as the RA and wstETH as the PA. By constructing specific data, the attacker transferred the weETH8DS-2 token from the legitimate market to the new market as the RA and obtained the corresponding CT and DS tokens for the new market.
In the end, the attacker used the obtained tokens to perform a series of operations in both new and old markets, successfully stealing a large number of wstETH tokens.
According to on-chain analysis tools, the attacker's profit was 3,761.878 wstETH, worth over $12 million. The attacker then exchanged these wstETH for 4,527 ETH through 8 transactions. Currently, about 4,530 ETH remains in the attacker's address.
This incident once again reminds DeFi project developers to carefully verify whether each step of the protocol design meets expectations and to strictly limit the types of assets in the market to prevent potential security risks. At the same time, users participating in DeFi projects should remain highly vigilant and constantly pay attention to project dynamics and security warnings.
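The two root causes above map to two checks: restrict which assets may serve as an RA, and authenticate the caller of the function that accepts custom data. The following is an added example, not code from the platform or from the original article; it is a simplified Python model, and the class, method names, the `pool_manager` caller and the token symbols are hypothetical.

```python
class GuardError(Exception):
    """A market-creation or hook call failed a safety check."""

class MarketRegistry:
    """Toy model (hypothetical): RA/PA markets that each issue a DS and a CT token."""

    def __init__(self, trusted_caller, allowed_ra):
        self.trusted_caller = trusted_caller  # only address allowed to invoke the hook
        self.allowed_ra = set(allowed_ra)     # explicit allowlist of redemption assets
        self.issued = set()                   # DS/CT tokens this protocol has issued
        self.markets = {}                     # market id -> (ra, pa)
        self.held = {}                        # (market id, token) -> amount held

    def create_market(self, ra, pa):
        # Check 1: a token the protocol issued itself must never back a new market,
        # even if it was added to the allowlist by mistake.
        if ra in self.issued:
            raise GuardError(f"{ra} is a protocol-issued derivative, not a valid RA")
        if ra not in self.allowed_ra:
            raise GuardError(f"{ra} is not an allowlisted RA")
        market_id = f"{ra}:{pa}"
        if market_id in self.markets:
            raise GuardError(f"market {market_id} already exists")
        self.markets[market_id] = (ra, pa)
        self.issued.update({f"{market_id}-DS", f"{market_id}-CT"})
        return market_id

    def deposit_hook(self, caller, data):
        # Check 2: the hook is not a public entry point.
        if caller != self.trusted_caller:
            raise GuardError(f"caller {caller} may not invoke the hook")
        # Caller-supplied data is validated against stored market state.
        market_id, token, amount = data["market"], data["token"], data["amount"]
        if market_id not in self.markets:
            raise GuardError(f"unknown market {market_id}")
        if token != self.markets[market_id][0]:
            raise GuardError(f"{token} is not the RA of {market_id}")
        if amount <= 0:
            raise GuardError("amount must be positive")
        key = (market_id, token)
        self.held[key] = self.held.get(key, 0) + amount
        return self.held[key]

def rejected(call, *args):
    """Return the guard's message if the call is refused, else None."""
    try:
        call(*args)
    except GuardError as err:
        return str(err)
    return None
```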