In December 2025, Unleash Protocol lost about $3.9 million after an attacker gained control of its multisig governance and executed an unauthorized contract upgrade, per PeckShield’s monthly summary. By seizing the privileged upgrade path, the attacker was able to redirect protocol assets without needing a flaw in the application logic itself. Unleash paused operations while it assessed the breach. The incident, alongside a same-month $3.9 million execution-layer exploit on the Flow blockchain, illustrated December’s dominant theme of access-control and key-management failures rather than novel smart-contract bugs, reinforcing the case for timelocked upgrades, distributed multisig signers, and on-chain monitoring of privileged governance actions.
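The on-chain monitoring of privileged governance actions recommended above can be expressed as a policy check over decoded events: every executed upgrade must have been queued in a timelock long enough, and an upgrade shortly after a signer-set change is flagged. This is an added example, not code from Unleash or PeckShield; the normalized event kinds, the 48-hour delay, the 7-day signer window and all addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass

MIN_DELAY = 48 * 3600          # assumed policy: upgrades stay queued >= 48 h
SIGNER_WINDOW = 7 * 24 * 3600  # assumed: signer changes within 7 days are notable

@dataclass(frozen=True)
class Event:
    ts: int         # block timestamp in seconds
    kind: str       # "signer_change" | "upgrade_scheduled" | "upgraded"
    target: str     # multisig for signer_change, proxy for upgrade events
    impl: str = ""  # new implementation address (upgrade events only)

def review_upgrades(events, multisig):
    """Return (ts, proxy, reasons) for each executed upgrade that breaks policy."""
    alerts = []
    scheduled = {}       # (proxy, impl) -> time the upgrade was queued
    signer_changes = []  # timestamps of signer-set changes on the multisig
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "signer_change" and ev.target == multisig:
            signer_changes.append(ev.ts)
        elif ev.kind == "upgrade_scheduled":
            scheduled.setdefault((ev.target, ev.impl), ev.ts)
        elif ev.kind == "upgraded":
            reasons = []
            # A queued entry is consumed once, so it cannot cover a later upgrade.
            queued_at = scheduled.pop((ev.target, ev.impl), None)
            if queued_at is None:
                reasons.append("not queued in timelock")
            elif ev.ts - queued_at < MIN_DELAY:
                reasons.append("timelock delay not elapsed")
            if any(0 <= ev.ts - t <= SIGNER_WINDOW for t in signer_changes):
                reasons.append("signer set changed recently")
            if reasons:
                alerts.append((ev.ts, ev.target, reasons))
    return alerts

# Constructed sample events with placeholder addresses (not incident data).
DAY = 86400
SAMPLE = [
    Event(0 * DAY, "upgrade_scheduled", "0xProxyA", "0xImplV2"),
    Event(3 * DAY, "upgraded", "0xProxyA", "0xImplV2"),         # compliant
    Event(10 * DAY, "signer_change", "0xMultisig"),
    Event(10 * DAY + 600, "upgraded", "0xProxyA", "0xImplX"),   # never queued
]

if __name__ == "__main__":
    for ts, proxy, reasons in review_upgrades(SAMPLE, "0xMultisig"):
        print(ts, proxy, "; ".join(reasons))
```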