Unleash Protocol has disclosed a security breach that resulted in the loss of approximately $3.9 million in funds, following unauthorized activity involving its smart contracts.
In a statement published on X on December 30, Unleash Protocol confirmed that it detected abnormal behavior earlier in the day that led to the withdrawal and transfer of assets from the protocol.
According to the team, an internally conducted investigation found that an externally owned address gained administrative control through Unleash’s multisig governance structure. The attacker subsequently executed an unauthorized contract upgrade, enabling the extraction of funds.
“This upgrade enabled asset withdrawals that were not approved by the Unleash team and occurred outside our intended governance and operational procedures.”
Affected Assets and Fund Movement
The protocol reported that multiple assets were impacted in the incident. At this stage, the affected tokens include:
– WIP
– USDC
– WETH
– stIP
– vIP
Following the unauthorized withdrawals, the stolen assets were bridged using third-party infrastructure and transferred to external addresses, complicating immediate recovery efforts.
Emergency Response and Ongoing Investigation
In response to the incident, Unleash Protocol has paused all operations to mitigate further risk. The team stated that a comprehensive investigation is underway, including a full audit of multisig signer activity, key management practices, and internal governance procedures.
The protocol emphasized that protecting users remains its top priority as it works to assess the full scope of the breach.
Guidance for Users
Unleash Protocol issued the following recommendations to users:
– Refrain from interacting with Unleash Protocol smart contracts until further notice
R- ely exclusively on official Unleash communication channels for updates and instructions
About Unleash Protocol
Unleash Protocol is a decentralized finance and intellectual property management platform built within the Story Protocol ecosystem. The project aims to modernize how creators register, license, and trade intellectual property by offering a blockchain-based marketplace designed to improve transparency and efficiency in IP ownership and monetization.
DeFi Security Concerns
The exploit adds to a growing list of security incidents affecting decentralized finance platforms this year. While broader crypto market conditions have been challenging, DeFi protocols in particular have faced sustained pressure from exploits tied to governance weaknesses, key management failures, and contract upgrade mechanisms.
As investigations continue, the Unleash incident underscores the ongoing risks associated with complex governance structures and the importance of robust security controls in on-chain systems.