The past few weeks at Cork have been a real reminder of what it means to build in public. After taking the immediate steps needed to react to the exploit, the team has been looking inward and planning ahead. The focus has been on working with affected stakeholders on plans to make them whole in the future, relaunching Cork, and designing a better, safer Cork for the future.

Here’s what Cork has done since releasing the post mortem.

‍

1. Pursuing Justice

For the past several weeks we have made significant efforts to recover the funds lost in the exploit. Unfortunately, despite multiple efforts (public and private), and attempts to contact and negotiate with the hacker, we have not yet been able to recover the majority of the funds. 

‍

We are doing everything possible to see that the exploiter will be held accountable, including working closely with US law enforcement. While there is little more we can share publicly at this stage, the process is ongoing. When there are concrete updates all relevant parties will be updated.

‍

We’ve been in close touch with our affected users to share with them initial plans for remuneration. If you were affected by the exploit and haven’t spoken to our team, we encourage you to reach out via DM on X.

‍

2. Safe Withdrawals from Unaffected Markets

‍

Four out of five Cork Beta markets were unaffected by the exploit and the team worked rapidly and diligently with partners to safely enable users to withdraw funds from these markets, including external review of deployed code by Immunefi, Runtime Verification, Spearbit and Certora as well as monitoring services by Hypernative. We want to thank all of these partners for their support during this period. 

‍

To date, Cork has successfully processed over $21 million in user withdrawals, without issue, representing more than 99% of assets remaining on Cork after the exploit. 

‍

3. Upgrading the Security Framework

‍

Security has been top of mind for our team since the build of the Cork Beta - but there is no doubt that this incident has pushed us to heighten our security standards across the stack. In building the beta, the codebase underwent four audits and formal verification, and we were in the process of finalizing a final audit of the full code base + new components at the time of the exploit. We’ve learned the hard way about the limitations of current industry best practices. We've made many new connections in the security space, giving us the opportunity to learn from experts who are rapidly innovating in automation, AI, and leveraging historical data to develop practical security tools that support builders. We also look forward to a maturing crypto-native security services sector, which we expect to see rapidly mature as there is more crossover between traditional institutions and DeFi. 

‍

Security is—and always will be—a top priority for Cork. We are digesting how security can and should factor in from the earliest stage of the spec and design phase, and proactively seeking ways to improve security through the product development and live deployment process. Here are some of the concrete steps to harden the protocol and improve our process and infrastructure:

‍

• Easier to understand & review: We’ve improved the naming and structure of key smart contract components to enhance readability for both human reviewers and emerging AI-based auditing tools. Critical high-risk functions—such as those involving returns, unwinding positions or exchange rates—are now named explicitly to support more effective threat analysis and reduce the risk of blind spots by auditing firms.

‍

• Secure-by-Design: We’ve improved our engineering processes to embed various security concerns and best practice mitigations from the ground up during the technical design phase. This includes enforcing precise, unambiguous language in technical specifications and systematically integrating multi-faceted security considerations into the earliest stage of development during an internal Request For Comments (RFC) process. We’ve emphasized that security can’t be an afterthought. One key design consideration involves isolating pooled funds in a dedicated contract. Approaches like this reduces the effective attack surface, improves visibility into potential privilege escalation paths, and limits the blast radius of any vulnerabilities. Additionally, we now maintain internal decision logs and proactively flag areas of concern during the design stage, referencing older known exploits—enhancing context and traceability while reducing blind spots during audits and external reviews.

‍

• Reduction of complexity: As part of our secure-by-design approach, we’ve removed a large number of lines of code from our core smart contracts in order to reduce core complexity and introduce more separation of concerns. Following industry best practices such as those adopted by the Morpho Protocol, auxiliary concerns such as slippage protection, pool migration and Permit2 token allowances are now part of a separate set of periphery contracts. By returning to simplicity, our core smart contracts are now significantly easier to test and audit. Looking ahead, our goal is to ensure that even emerging LLM tools can explain our core contract logic to a novice reviewer in a single pass, without requiring deep domain-specific knowledge.

‍

• Adherence to Industry-standards: We’ve introduced ERC-4626-style preview functions, enabling more advanced testing techniques such as invariant testing. These standards also help formalize previously undefined behavior—particularly around rounding and predictability—which is critical for reducing integration bugs and improving developer confidence when interacting with Cork smart contracts.

‍

• Improved Test Suites and Techniques: While human auditors excel at reviewing access control deficiencies and cross-boundary assumptions, they are not great at identifying many classes of bugs that emerging smart contract testing tools are designed to detect. We’ve significantly improved test coverage to above 96%, and introduced advanced techniques like fuzzing and mutation testing to catch unexpected behavior. Looking ahead, we’re committed to expanding our test strategy with even more advanced exhaustive stateful testing and differential testing to uncover discrepancies between intended design and actual implementation that are difficult to catch through manual code review.

‍

• Attestable Sources of Data: While our backend infrastructure was not impacted by the exploit, we’ve migrated some of our hosting to Phala Cloud, which runs code inside secure enclaves to guarantee both data confidentiality and integrity—ensuring that even system operators cannot tamper with downloaded blockchain data. Phala Cloud also supports attestation, allowing anyone to remotely verify that critical server code is running unmodified within a protected enclave. This marks a shift in our trust model—from assumption to verification. It reflects our renewed commitment to treating unverified data with greater caution and rigor, especially in light of the recent record-breaking crypto hack linked to naive trust assumptions between Bybit and Ledger’s backend services. This infrastructure will power Cork’s API, off-chain keepers and multisig wallet processes—critical pieces in ensuring the security and reliability of any DeFi protocol.

‍

• Exhaustive Pre-Audit Checklist: While auditing firms vary widely in their pre-audit requirements, we’ve established an internal checklist of over 50 items to ensure our security posture is more robust and better prepared ahead of any formal audit engagement. The checklist also incorporates various forms of targeted documentation, enabling auditors to quickly focus on critical areas, and get to important findings, without having to first reverse engineer a sophisticated codebase from scratch.

‍

• Security Response & Bug Handling: While we have previously relied on audit firms to triage the severity and impact of vulnerability reports, we’ve found this model to be insufficient. Many vulnerabilities cannot be fully assessed in isolation—especially when viewed through the lens of a single bug bounty submission. In some cases, auditing partners have dismissed reports due to the absence of a working proof-of-concept exploit. We believe this approach underestimates modern threat models, where advanced actors increasingly chain multiple lower-impact vulnerabilities and refine partial proof-of-concepts into sophisticated, weaponized exploits. As such, we’ve shifted toward a more holistic and in-house evaluation process to better reflect real-world risk. The goal is to foster a more open mindset when evaluating partial findings from security researchers—encouraging collaboration to gather additional context—and to adopt a more conservative, safety-first approach when considering whether to pause smart contracts.

‍

• Pre-Audit Tooling: We’ve begun working with Olympix and Immunefi, both of which provide cutting-edge static analysis tools to evaluate the quality of our internal stress-testing suites, ensure adherence to programming best practices, and conduct AI-assisted threat analysis on our smart contracts ahead of formal audits. This approach ensures we enter the audit process with the most robust version of our contracts—maximizing the value of the audit and reducing the likelihood of overlooked issues which require deeper thought or more sophisticated threat models.

‍

• Enhancing Audit Efficacy: We have been working closely with our past auditors on active retrospectives to understand missed opportunities to get better outputs of the audit process. Cork will work with top-tier audit firms to re-audit the next set of existing contracts we plan to bring online, and have engaged ChainSecurity from PwC for our upcoming audit. 

‍

• Real-Time Monitoring: As we prepare to bring live an abridged version of the protocol, we’ve been evaluating new monitoring and automation tools to expand the scope and improve the speed of our risk mitigation. This will allow us to catch anomalies in real time, and embed risk response as a core part of our protocol operations.

‍

4. Learning from Others

‍

The response of the DeFi community has been incredibly encouraging, especially for those who have rebounded from similar storms. We’re grateful to Euler Finance and Kyber who reached out, and offered helpful insights, support, and candor from their own recovery efforts, and the many people across the Ethereum builder community that have shown support. 

‍

We’ve learned a tremendous amount from countless companies across the security space, and appreciate all of those who have committed time and manpower to our effort to build a better Cork. 

‍

We’d like to acknowledge our users who have shown us true partnership, grace and patience - many of whom we look forward to continuing to work with as Cork matures into its next phase. Thank you for your continued belief.

‍

5. Preparing to Win

‍

Ultimately, we believe that while the past few weeks have tested us, you don’t get a battle-tested team without the battles. The goal of the beta was to help support the protocol finding product-market fit, and our learnings through the beta exemplified for us the market gap, and we are more resolute than ever to build the tokenized risk protocol to fill it. We continue to see significant demand for what we are building, and the team is back at work cooking up a next version of Cork. This version will build off of all our lessons to date to develop an extremely reliable new DeFi primitive for all of the space that is more capital-efficient and useful. This experience proves that products that enable the market to price and hedge different risks have never been more critical, and we are committed to building a safer and better Cork.

‍

We’re Here to Help

‍

If you were affected by the exploit or have questions, we encourage you to be in touch. 

• @CorkProtocol on X: DM us directly for assistance
• Cork Discord: Join our recovery support thread

‍

We remain committed to full transparency and direct communication.

‍