Unleash Protocol noted a series of unauthorized withdrawals, based on a smart contract exploit. The protocol estimated initial losses at $3.9M. Unleash Protocol, a market app built on Story Protocol, noted a series of unauthorized withdrawals from one of its smart contracts. The protocol identified the exploit as connected to the Unleash multisig governance. The hacker managed to force an unauthorized contract update, allowing the withdrawal of funds without the approval of the protocol team. Unleash Protocol Incident Notice Earlier today, we detected unauthorized activity involving Unleash Protocol smart contracts, which led to the withdrawal and transfer of user funds. Our initial investigation indicates that an externally owned address gained administrative… — Unleash Protocol (꧁IP OS꧂) (@UnleashProtocol) December 30, 2025 The exploit only affected the Unleash smart contracts, with no effects on Story Protocol . Unleash Protocol is a relatively new app, with just $4.4M in total value locked. The protocol was drained of most of its liquidity soon after launching. Unleash Protocol stopped all operations and is now further investigating the cause and the potential to intercept some of the funds. Initial investigations show the attacker managed to bridge over 1,300 ETH, sending them to Tornado Cash. The exploiter’s known address was funded with ETH initially, then called for several transfers of 100 ETH directly to Tornado Cash. Unleash hack could slow down Story Protocol Story Protocol may slow down its development, as Unleash was among its top apps. Story Protocol aimed to build the infrastructure for intellectual property. Story Protocol created another L1 chain, setting out to build its own ecosystem. At the end of 2025, Story Protocol held $8M in liquidity and $2.69M in stablecoins. In the past week, the protocol saw an outflow of over 24% of its stablecoins, independent of the Unleash Protocol hack. The Story Protocol ecosystem contains relatively smaller apps. However, the Unleash hack shows that even small protocols are watched for potential exploits and errors in smart contracts. Following the exploit announcement, the native Story protocol token IP fell from $1.62 to $1.50 . IP unraveled in the past quarter, from a yearly peak above $13. SlowMist counted 200 exploits in 2025 According to SlowMist, 2025 saw 200 incidents of hacks against protocols, down from over 400 incidents for 2024. Despite this, the hackers managed to attack bigger liquidity hubs, for a total loss of over $2.9B, up from $2B in 2024. The recent attacks were more sophisticated, even when affecting relatively small protocols. Hackers targeted smart contracts, attacking DeFi platforms and liquidity pools. One of the main methods was to seek ways to make unauthorized withdrawals or mint tokens through a flawed smart contract. DeFi was the most frequently attacked type of project, with 126 incidents for the past year. The attacks ranged from small-scale token theft to draining leading apps like Cetus. DeFi exploits drained around $649M, while the incidents on centralized exchanges were the main source of value for exploiters, with over $1.8B for the past year. Get seen where it counts. Advertise in Cryptopolitan Research and reach crypto’s sharpest investors and builders.
