Skip to main content
Security

Cork Protocol Suffers $12 Million Exploit via Uniswap V4 Hook Manipulation

A critical access control and input validation flaw in Cork Protocol's Uniswap V4 hook enabled attackers to fabricate deposits, leading to significant asset drain.
September 26, 20253 min

A vibrant blue, transparent, fluid-like object, resembling a sculpted wave, rises from a bed of white foam within a sleek, metallic device. The device features dark, reflective surfaces and silver accents, with circular indentations and control elements visible on the right
An abstract, dark, multi-layered object with intricate, organic-like cutouts is depicted, covered and surrounded by a multitude of small, glowing blue and white particles. These particles appear to flow dynamically across its surface and through its internal structures, creating a sense of movement and digital interaction

Briefing

On May 28, 2025, Cork Protocol, a decentralized finance platform designed for depeg insurance, experienced a sophisticated exploit resulting in the loss of approximately $12.1 million in wstETH. The incident stemmed from a critical vulnerability within the protocol’s implementation of Uniswap V4 hooks, which allowed an attacker to bypass access controls and manipulate swap conditions. This enabled the unauthorized minting and redemption of derivative tokens, leading to the significant drain of 3,761 wstETH from the wstETH:weETH Liquidity Vault.

The detailed composition showcases an open mechanical watch movement, its metallic components and precise gear train clearly visible. A substantial blue structure, adorned with intricate circuit-like patterns, connects to the watch, with a metallic arm extending into its core

Context

Prior to this incident, Cork Protocol had accumulated $32 million across its Liquidity Vaults and undergone multiple security audits. Despite these measures, the inherent complexity of composable DeFi logic, particularly when integrating advanced features like Uniswap V4 hooks, presented an expanded attack surface. The protocol’s reliance on external smart contracts for custom logic, without sufficiently stringent internal validation and access control, created a latent vulnerability that adversarial actors could weaponize.

The image displays a sleek, translucent device with a central brushed metallic button, surrounded by a vibrant blue luminescence. The device's surface exhibits subtle reflections, highlighting its polished, futuristic design, set against a dark background

Analysis

The attack leveraged a critical flaw in Cork Protocol’s beforeSwap hook logic, which lacked proper access control and validation of user-supplied data. The attacker initiated the exploit by creating a malicious market and then used the Uniswap V4 Pool Manager’s unlockCallback feature to invoke CorkHook’s beforeSwap function with crafted, unauthorized hook data. This deceptive maneuver tricked the protocol into believing legitimate deposits were being made, facilitating the unauthorized minting of derivative tokens (Cover Tokens and Depeg Swaps). Subsequently, these fabricated tokens were redeemed for real underlying assets, specifically 3,761 wstETH, before the funds were laundered via Tornado Cash.

A close-up view reveals a sophisticated abstract mechanism featuring smooth white tubular structures interfacing with a textured, deep blue central component. Smaller metallic conduits emerge from the white elements, connecting into the blue core, while a larger white tube hovers above, suggesting external data input

Parameters

  • Protocol Targeted ∞ Cork Protocol
  • Attack VectorUniswap V4 Hook Manipulation / Missing Access Control
  • Financial Impact ∞ ~$12.1 Million (3,761 wstETH)
  • Date of Incident ∞ May 28, 2025
  • Blockchain ∞ Ethereum
  • Attacker Funds Destination ∞ Tornado Cash

Angular, reflective metallic structures resembling advanced computing hardware interlock with vibrant blue crystalline formations encrusted with a white, frosty substance. A luminous, textured sphere, evocative of a moon, floats centrally amidst these elements

Outlook

This exploit underscores the imperative for DeFi protocols to move beyond superficial audits and implement comprehensive economic and behavioral logic simulations, especially when integrating highly programmable features like Uniswap V4 hooks. Protocols must establish robust identity validation mechanisms for smart contract interactions and treat all external dependencies, including hedging tools and coverage platforms, as primary attack surfaces. Immediate mitigation for affected users involves monitoring for further suspicious activity, while the broader ecosystem must adopt enhanced security best practices to prevent similar sophisticated manipulations.

The Cork Protocol exploit serves as a stark reminder that even audited DeFi projects remain vulnerable to complex economic-logic attacks when fundamental access controls and input validations are overlooked in highly composable architectures.

Signal Acquired from ∞ Web3sec News

Micro Crypto News Feeds

vulnerability

Definition ∞ A vulnerability refers to a flaw or weakness in a system, protocol, or smart contract that could be exploited by malicious actors to compromise its integrity, security, or functionality.

access control

Definition ∞ Access control dictates who or what can view or use resources within a digital system.

tornado cash

Definition ∞ Tornado Cash is a decentralized cryptocurrency mixing service designed to enhance user privacy by obscuring the transaction history of digital assets.

protocol

Definition ∞ A protocol is a set of rules governing data exchange or communication between systems.

uniswap v4

Definition ∞ Uniswap V4 refers to the anticipated fourth iteration of the Uniswap protocol, a leading decentralized exchange (DEX) on the Ethereum blockchain.

smart contract

Definition ∞ A Smart Contract is a self-executing contract with the terms of the agreement directly written into code.

Tags:

Tags: