Crypto Times Logo Black
Google News Follow Banner
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • DeFi News
    • Blockchain News
    • Industry
  • Exclusive
    ExclusiveShow More
    Michael Saylor’s Strategy
    Why Michael Saylor’s Strategy Is Selling Bitcoin After Years of Buying
    Anthropic’s Claude Fable 5 Crypto Hacks
    Anthropic’s Claude Fable 5: The AI That Could Supercharge Crypto Hacks and Defenses
    CLARITY Act Stalls Why Senate's August Recess Puts US Crypto Rules at Risk
    CLARITY Act Stalls: Why Senate’s August Recess Puts US Crypto Rules at Risk
    Three Stories, One Pattern Why Binance Is Having Its Worst Week Since the Pardon
    Three Stories, One Pattern: Why Binance Is Having Its Worst Week Since the Pardon
    Coinbase India Head Addresses Re-Entry Launch Glitches and the 12-Month Roadmap
    Coinbase India Head Addresses Re-Entry Launch Glitches and the 12-Month Roadmap
  • Opinion
    OpinionShow More
    The Bitcoin Treasury Blueprint What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    The Bitcoin Treasury Blueprint: What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    Why Wall Street is Divided Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    Why Wall Street is Divided: Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    The Arthur Hayes Paradox Macro Prophet or Market Opportunist
    The Arthur Hayes Paradox: Macro Prophet or Market Opportunist?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India's Digital Rupee Push?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India’s Digital Rupee Push?
    The CLARITY Act War Starts Jamie Dimon Vs Armstrong
    The CLARITY Act War Starts: Jamie Dimon Vs Armstrong
  • Learn
    • Explained
    • How To
    • Insights
  • Videos
  • More
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
The Crypto TimesThe Crypto Times
  • All News
  • Market
  • Bitcoin
  • Ethereum
  • Altcoins
  • Regulations & Policies
  • Blockchain
  • DeFi
  • Industry
  • Exclusive
  • Opinion
Search
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • Blockchain
    • DeFi
    • Industry
    • Exclusive
    • Opinion
  • Learn
    • Explained
    • How To
    • Insights
  • Quick Links
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
    • AI Policy
    • Sponsored & Advertorial Policy
  • Videos
  • Glossary
Follow US
© 2026 By Crypto Times. All Rights Reserved.
Market News

Unleash Protocol Exploit: $3.9M Stolen via Multisig Governance Breach

Unleash Protocol loses $3.9M in a governance-based exploit after attackers bridged 1,337 ETH to Ethereum and used Tornado Cash to hide the stolen funds.

Written By Vanshita Kanjani
Fact Checked by Jahnu Jagtap
Published 2025-12-31·Updated 6 months ago
Make The Crypto Times preferred on GoogleGoogle
Share
Unleash Protocol Exploit $3.9M Stolen via Multisig Governance Breach

Key Highlights

  • Unleash Protocol suffered a $3.9 million loss after an attacker compromised its multisig governance setup.
  • The attacker used unauthorized administrative access to upgrade contracts and drain user assets.
  • Stolen funds were bridged to Ethereum and laundered through the Tornado Cash mixing service.

On Tuesday, an attacker reportedly drained $3.9 million from Unleash Protocol, a decentralized finance (DeFi) project built on Story Protocol. The attacker seemingly gained unauthorized control over the project’s multisig governance, allowing a harmful contract upgrade that allowed the withdrawal of several user assets. 

After seizing the funds, the attacker transferred the money across third-party bridges to the Ethereum network, eventually laundering 1,337.1 ETH through the Tornado Cash mixing service to cover their tracks. Security monitors first identified the breach, and the Unleash team confirmed it after noticing unusual activity involving their smart contracts. 

Unleash Protocol Incident Notice

Earlier today, we detected unauthorized activity involving Unleash Protocol smart contracts, which led to the withdrawal and transfer of user funds.

Our initial investigation indicates that an externally owned address gained administrative…

— Unleash Protocol (꧁IP OS꧂) (@UnleashProtocol) December 30, 2025

Attack method and asset impact

According to the project’s incident report, the intruder targeted Unleash Protocol’s internal permission system instead of exploiting a flaw in the code itself. The affected assets at this point include WIP, USDC, WETH, stIP, and vIP. There were rapid deposits into Tornado Cash; amounts ranged from 0.1 ETH test transactions to multiple 100 ETH transfers. This shows a pre-planned exit strategy.

This incident shows ongoing weaknesses in decentralized governance structures. Unleash Protocol stated that the unauthorized upgrade “occurred outside our intended governance and operational procedures.” While the loss is huge for the Unleash ecosystem, the Story Protocol seems to be unaffected.

The team stated that “there is no evidence of compromise to Story Protocol contracts, validators, or underlying infrastructure.” This shows that the security failure was limited to the dApp, not the network it operates on.

Systemic risks and protocol response

The exploit has raised concerns about the security of multisig setups and the dangers of centralized administrative setups in DeFi. In response to the incident, Unleash Protocol has paused all operations and is working with investigators to review its management practices. 

The team is committed to assessing recovery and remediation measures, but they have warned users to “refrain from interacting with Unleash Protocol contracts until further notice.” This event serves as a reminder of how quickly administrative features can be misused if governance keys are compromised.

User security and permission revocation

Following the breach, users are advised to safeguard their wallets by revoking smart contract permissions previously granted to Unleash Protocol. Since active approvals allow applications to move assets, a compromised administrative control could potentially lead to further unauthorized withdrawals. 

By using revocation tools or blockchain explorers to cancel these allowances, users can break the link between their funds and the affected contracts. This helps in preventing additional losses even if the protocol remains compromised.

Also Read: Koinly Reports Email Data Leak After Third-Party Vendor Breach

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.

Follow The Crypto Times on Google News to Stay Updated!      Google News

TAGGED:Crypto Hack
Share This Article
Whatsapp Whatsapp LinkedIn Telegram Copy Link

Latest News

Robinhood Chain Outperforms Hyperliquid in Dex Volume
Robinhood Chain Outperforms Hyperliquid in Dex Volume
Web3 Gets Another Seat at the Table as India's Panel Reviews Corporate Laws Bill
Web3 Gets Another Seat at the Table as India’s Panel Reviews Corporate Laws Bill
84% of STRC, SATA Holders Didn't Sell Below Par, Survey Finds
84% of STRC, SATA Holders Didn’t Sell Below Par, Survey Finds
New Clarity Act Draft Set to Drop Next Week as Senate Eyes July 20 Floor Vote
New Clarity Act Draft Set to Drop Next Week as Senate Eyes July 20 Floor Vote
Former Epoch Times CFO Pleads Guilty to $67M Crypto Laundering Scheme
Former Epoch Times CFO Pleads Guilty to $67M Crypto Laundering Scheme

Find Us on Socials

You may also like

Circle Wins OCC Approval to Launch National Trust Bank for USDC

Circle Wins OCC Approval to Launch National Trust Bank for USDC

India's Crypto Crackdown Surat Engineer Held in ₹24.72 Cr Fraud Probe

India’s Crypto Crackdown: Surat Engineer Held in ₹24.72 Cr Fraud Probe

Goldman Sachs & JPMorgan Join Wall Street Crackdown on Prediction Markets

Goldman Sachs & JPMorgan Join Wall Street Crackdown on Prediction Markets

Gate Softens Stance on $1.7M Loss, Pledges Recovery Help and an Apology

Gate Softens Stance on $1.7M Loss, Pledges Recovery Help and an Apology

The Crypto Times Logo PNG

Providing real-time, accurate Crypto reporting. Your trusted source for Crypto News and Research.

Stay Updated

All News
Exclusive
Opinions
Learn
Videos
Glossary

Company

About Us
Our Authors
Editorial Policy
AI Policy
Advertorial Policy

Get In Touch

Contact Us
Career

Find Us on Socials

X-twitter Linkedin Telegram Youtube Instagram

© 2026 The Crypto Times | A BITROCK TECHNOLOGIES L.L.C. Company.

DMCA.com Protection Status
  • Terms and Conditions
  • Disclaimer
  • Privacy Policy
  • Cookie policy
Do Not Sell or Share My Personal Information