Unleash Protocol Suffers $3.9M Crypto Loss After Unauthorized Smart Contract Upgrade

 

Decentralized intellectual property platform Unleash Protocol has reported a loss of approximately $3.9 million in digital assets following an unauthorized upgrade to its smart contracts that enabled illicit withdrawals.

The Unleash team stated that the attacker managed to gain sufficient signing authority to function as an administrator within the project’s multisig governance framework.

"Our initial investigation indicates that an externally owned address gained administrative control via Unleash’s multisig governance and carried out an unauthorized contract upgrade," the company says in a public announcement.

"This upgrade enabled asset withdrawals that were not approved by the Unleash team and occurred outside our intended governance and operational procedures."

Unleash Protocol positions itself as a blockchain-based operating system for intellectual property management, transforming IP into tokenized on-chain assets. These assets can be used within decentralized finance (DeFi) applications, while smart contracts automate licensing, monetization, and royalty distribution among predefined stakeholders.

By exploiting the unauthorized contract upgrade, the attacker unlocked withdrawal functionality and siphoned multiple assets, including WIP (wrapped IP), USDC, WETH (wrapped Ether), stIP (staked IP), and vIP (voting-escrowed IP).

Blockchain security firm PeckShieldAlert estimates the total losses at roughly $3.9 million.

Following the withdrawals, the stolen funds were bridged using third-party services and sent to external wallets to obscure their movement. PeckShieldAlert further noted that the attacker deposited the funds, totaling 1,337 ETH, into the Tornado Cash mixing service.

Tornado Cash, which the United States sanctioned in 2022 for its involvement in laundering funds linked to North Korean hacking groups and later delisted in 2025, allows users to obscure transaction trails before moving funds to new wallets. Although intended to enhance privacy on public blockchains, the service has frequently been misused by cybercriminals to evade tracking and asset recovery.

In response to the breach, Unleash Protocol has halted all platform operations and initiated a comprehensive investigation with external security specialists to identify the root cause. The team is also assessing possible remediation and recovery strategies.

Until further notice, users have been urged to avoid interacting with Unleash Protocol smart contracts and to rely solely on official communication channels for updates regarding platform safety.