
Blockchain security firm PeckShieldAlert reported a major hack involving Unleash Protocol, a decentralized platform built on Story Protocol, where an attacker drained around $3.9 million in user funds.
Here’s how the hack happened, according to the PeckShieldAlert report.
According to PeckShieldAlert, the attacker targeted Unleash Protocol’s multi-signature governance system.
By doing so, the attacker gained unauthorized admin access and pushed through a contract upgrade that had not been approved by the core team. This change opened the door for funds to be withdrawn directly from the protocol.
After withdrawing the funds, the attacker bridged the assets to Ethereum and began breaking them into smaller chunks.
On-chain data shows 1,337.1 ETH was deposited into Tornado Cash, a privacy tool often used to hide transaction trails.
The repeated deposits, from small amounts to batches of 100 ETH, seem designed to hide the source of the stolen funds.
In its official incident notice, Unleash Protocol confirmed that several assets were impacted during the exploit. These include WIP, USDC, WETH, stIP, and vIP. The team stressed that the withdrawals happened outside normal governance rules and were not approved internally.
Importantly, Unleash clarified that there is no evidence of any compromise to Story Protocol, its validators, or its core infrastructure. The issue appears limited strictly to Unleash-specific contracts and admin controls.
Following the discovery, Unleash Protocol immediately paused all operations to prevent further damage. The team is now working with independent security experts and forensic investigators to identify the root cause.
Users have been advised to avoid interacting with Unleash Protocol contracts until further updates are shared through official channels.
The hack happened after an attacker gained unauthorized admin control via the multi-signature system and pushed an unapproved contract upgrade.
Roughly $3.9 million in user funds was drained, including ETH and multiple tokenized assets held within Unleash Protocol contracts.
The breach affected WIP, USDC, WETH, stIP, and vIP, all withdrawn outside approved governance and without internal authorization.
Users should avoid interacting with Unleash contracts until official updates are released, as the team continues forensic and security reviews.