Crypto Hack: Attacker Drains $3.9M from Unleash Protocol

Key Insights:

• The latest crypto hack news follows an attacker’s exploit on the Unleash Protocol, where they withdrew roughly $3.9 million.
• This exploit affected only Unleash Protocol’s smart contracts and did not impact the app’s parent blockchain, Story Protocol.
• Early investigations indicated an external address gained administrative control through the protocol’s multisignature governance system.

The latest crypto hack news follows an attacker’s exploit on the Unleash Protocol. Hackers withdrew roughly $3.9 million and routed the funds to Tornado Cash. Perkshield posted an update about the attack, noting that the exploiter first bridged the stolen funds to Ethereum before withdrawing them.

Crypto Hack News: Hacker Drains $3.9M from Unleash Protocol

Unleash Protocol, which serves as an onchain marketplace application, suffered a smart contract exploit. Here, the attacker executed a series of illegal withdrawals. An update by the protocol on X estimated the initial loss at roughly $3.9 million.

Investigators found that the breach happened through the protocol’s multisig system. The attacker tricked the system into updating the contract. It let them take funds without the team’s approval.

The exploit affected only Unleash Protocol’s smart contracts. It did not impact the app’s parent blockchain, Story Protocol.

Unleash is a relatively new marketplace, holding just $4.4 million in total value locked. This is not the first time the decentralized app has faced an exploit, as it lost millions of dollars shortly after its launch.

The team has stopped all activity and is looking into what happened. They are also checking if some of the stolen money can be recovered.

Early reports indicate that the attacker moved over 1,337 ETH and sent it through Tornado Cash to conceal their tracks. The known exploiter address received initial ETH funding before executing several transfers of 100 ETH each to the mixer.

Unleash Protocol had previously reported the breach without specifying the amount involved. The platform stated that it had detected unauthorized activity affecting its smart contracts. It resulted in the withdrawal and transfer of user funds.

Early investigations indicated an external address gained administrative control through the protocol’s multisignature governance system. This allowed an unauthorized contract upgrade. That enabled withdrawals outside approved governance processes.

Unleash Breach May Stall Story Protocol

The recent crypto hack on Unleash could stall the progress of Story Protocol, since the marketplace app was one of its most active apps. The platform has been working to create a Layer 1 blockchain and an ecosystem for managing intellectual property.

At the close of 2025, Story Protocol held $8 million in liquidity, including $2.69 million in stablecoins. Over the past week, it lost more than 24% of its stablecoin reserves, a shift unrelated to the Unleash incident.

Most apps in the Story ecosystem are small. However, the hack shows that even modest projects can be vulnerable to smart contract exploits.

After the breach was made public, Story Protocol’s token, IP, dropped from $1.62 to $1.50. The token has fallen sharply over the last quarter, down from a peak above $13 earlier in the year.

Insights from SlowMist suggest that 2025 saw 200 protocol hacks, down from 400+ in 2024. Despite the lower number of incidents, attackers hit larger liquidity hubs. They caused losses exceeding $2.9 billion, up from $2 billion the previous year.

Crypto attacks have become increasingly sophisticated, targeting even smaller projects. They ranged from minor token thefts to large-scale drains of major DeFi projects, including Cetus, resulting in losses of roughly $649 million.

Centralized exchanges ended up being the biggest target for hackers, with more than $1.8 billion stolen over the year. These numbers indicate that while DeFi is often targeted, even large, established exchanges can be highly attractive to thieves.