Unleash Protocol Suffers $3.9M ETH Drain via Tornado Cash

• Exploiter abused multisig governance to withdraw USDC, WETH, stIP, and vIP assets.

• 34 ETH transfers went to Tornado Cash, including structured 100 ETH batches.

• Protocol paused operations, investigating multisig activity and enhancing security measures.

A security breach hit Unleash Protocol on Story Protocol, resulting in a loss of roughly $3.9 million in user funds. According to PeckShieldAlert, an unauthorized actor exploited administrative control in the protocol’s multisig governance.

Consequently, the exploiter upgraded smart contracts, enabling asset withdrawals outside official procedures. The stolen funds, including USDC, WETH, stIP, and vIP, were then bridged to Ethereum and routed to Tornado Cash, a crypto mixing service. This systematic transfer indicates an intentional attempt to obscure the transaction trail.

PeckShieldAlert’s data highlights a concentrated pattern of Ethereum transactions. The compromised wallet executed 34 outgoing transfers within 11 to 12 hours, sending all funds directly into Tornado Cash deposit contracts. Transaction sizes followed structured denominations, with multiple 1 ETH deposits, several 10 ETH transfers, and a significant cluster of 100 ETH deposits.

Secondly, there is an additional 0.1 ETH transaction that came to view in this analysis period. Batching transactions to affect multiple addresses demonstrates that the transactions were not random but were the act of individuals planning their transaction laundering. Network fee charges did not change in that they were constant at around 0.0028-0.0030 ETH. All these transactions were sent out by one wallet.

Investigation and Protocol Response

Unleash Protocol confirmed the incident in a statement, emphasizing that Story Protocol’s core infrastructure remained uncompromised. They explained, “The incident originated within Unleash Protocol’s governance and permission framework. There is no evidence of compromise to Story Protocol contracts, validators, or underlying infrastructure.”

The protocol immediately paused operations to prevent further loss. Additionally, they are collaborating with security experts to investigate multisig signer activity, key management practices, and governance procedures.

Moreover, Unleash Protocol urges users to avoid interacting with its contracts until further notice. They continue to preserve on-chain data and coordinate with ecosystem partners. According to their statement, the team prioritizes transparent communication and careful remediation measures.