Unleash Protocol disclosed on Tuesday that it suffered a loss of 1,337 ETH worth approximately $4 million. Peckshield and CertiK tracking show that hackers laundered funds through Tornado Cash, sending multiple 100 ETH transactions to mixing services. The attackers gained unauthorized control of the multi-signature governance system, possibly executing unapproved contract upgrades via social engineering to bypass checks and withdraw funds.
Tornado Cash Laundering Tracking Report
According to on-chain activity and reports from multiple security firms, hackers are attempting to launder money using the Tornado Cash protocol on Ethereum. Tornado Cash is a cryptocurrency mixing service that pools user funds to break the traceable link between source and destination, making it difficult for law enforcement to track the flow of funds.
Peckshield notes that the attacker appears to have sent many 100 ETH blocks to this popular crypto mixing service. This batch transfer strategy is typical of money laundering, as transferring large sums at once is more likely to trigger monitoring systems. Splitting the 1,337 ETH into 13 to 14 transactions of 100 ETH each, spaced out over time, reduces the risk of immediate detection.
CertiK has begun flagging suspicious Wrapped ETH and IP token withdrawals, which are sent to an external account seemingly set up with SafeProxyFactory. This technical detail reveals the attacker’s expertise; SafeProxyFactory is a contract factory used to deploy new multi-signature wallets in Gnosis Safe (now Safe). The hacker used this tool to create temporary wallets to receive stolen funds, demonstrating a deep understanding of the Ethereum ecosystem.
Affected assets include WIP, USDC, WETH, stIP, and vIP, most of which have been bridged to Ethereum and sent to Tornado Cash. The bridging process itself complicates tracking, as assets cross multiple contracts and addresses, diluting traceability with each transfer. Once in Tornado Cash, funds are mixed with other users’ deposits, forming a “black box,” making it impossible to link input and output funds.
It’s noteworthy that Tornado Cash has been sanctioned by the U.S. Treasury since 2022; using the service itself is illegal. However, sanctions have not fully halted its operation because Tornado Cash is a decentralized smart contract protocol that cannot be shut down like centralized services. The fact that hackers are willing to risk legal repercussions by using Tornado Cash indicates their awareness of tracking techniques.
How Multi-Signature Governance Systems Can Be Compromised
Earlier Tuesday, Unleash disclosed a security breach. The project has suspended operations and begun forensic analysis. The attack appears to have originated from a breach of the multi-signature mechanism. Unleash posted on X: “Our preliminary investigation indicates that an externally owned address gained control through Unleash’s multi-signature governance and performed an unauthorized contract upgrade.”
In other words, the attacker gained management control over Unleash Protocol’s governance system without authorization, possibly through social engineering phishing or other security vulnerabilities, enabling them to execute upgrades bypassing normal checks and extract user funds. Such attack patterns are not uncommon in DeFi, but successfully breaching multi-signature mechanisms raises serious concerns.
Multi-signature wallets are a common asset protection mechanism in DeFi protocols. They require multiple private keys to sign transactions, theoretically preventing a single compromised key from stealing funds. However, this attack shows that multi-signature systems are not foolproof.
Three Possible Failures of Multi-Signature Mechanisms
Social Engineering Attacks: Hackers trick multiple signers via phishing emails or fake messages to leak private keys
Insider Malfeasance: Internal personnel holding multi-signature keys collude or are bribed to cooperate with hackers
Contract Exploits: Vulnerabilities in the multi-signature contract code itself allow attackers to bypass signing requirements
Unleash’s statement emphasizes that the “externally owned address” gained control, implying this may not be an insider threat but an external attacker who obtained sufficient signing authority through technical or social engineering means. The unauthorized upgrade allowed asset extraction outside of Unleash’s governance and operational procedures, indicating the attacker had full administrative control.
Story Protocol Ecosystem Security Warning
Unleash states: “This incident stems from the governance and permission framework of the Unleash protocol,” adding that “the impact appears limited to specific Unleash contracts and management controls,” and “there is no evidence that the Story Protocol contracts, validators, or underlying infrastructure have been compromised.” This statement aims to confine the damage scope to Unleash itself, avoiding broader implications for the entire Story Protocol ecosystem.
Unleash is one of many prominent applications built on Story Protocol. Story Protocol is a relatively new Layer 1 protocol focused on tokenizing intellectual property rights. The project’s backer, PIP Labs, has raised $140 million from top-tier investors. If this laundering incident raises concerns about the security of the Story Protocol ecosystem, it could impact other applications built on the protocol and the overall valuation.
The Unleash team has warned users not to interact with the protocol and promised to share updates once reliable information is available regarding the attack and potential remedies. Pausing protocol operations is a standard response to prevent further exploitation, but it also temporarily restricts legitimate users from accessing their assets.
From a broader perspective, this laundering event exposes the governance risks inherent in DeFi protocols. While multi-signature mechanisms are safer than single signatures, they still rely on human operation, which is the most vulnerable link. As DeFi’s locked value continues to grow, attacks targeting governance systems may become more frequent and sophisticated.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Robert Kiyosaki warns of a “fake coin” crash, insisting Bitcoin is the safest asset for 2026
Robert Kiyosaki, in a recent post, said that Bitcoin and Ethereum could become the safest investments of 2026, because the United States continues to print money, debt is rising, and inflation is worsening. He criticized the safety of U.S. Treasuries as “the biggest lie,” and noted that real assets and cryptocurrencies can preserve wealth during inflation. His investment recommendations include holding Bitcoin, gold, silver, and commodities. Although some of his predictions weren’t accurate, some of his long-term predictions have come true.
MarketWhisper3h ago
ETH 15-minute surge of 0.97%: Tightened on-chain net outflows and DeFi lockups both supporting the price rise
2026-04-05 15:15 to 2026-04-05 15:30 (UTC), during this period ETH’s return within 15 minutes was +0.97%, the price range was 2040.32 to 2063.89 USDT, and the amplitude reached 1.15%. During this period, market attention increased, volatility clearly intensified, and short-term capital remained active, driving ETH slightly higher.
The main drivers of this abnormal move are ETH’s net outflows from exchanges and the persistently high DeFi locked-in amount. According to on-chain data, the 24-hour net outflow amount reached -11,970.54 E
GateNews3h ago
ETH 15-minute drop of 0.62%: Large funds withdrawing in size and ETF net outflows converging to amplify volatility
From 2026-04-05 12:30 to 12:45 (UTC), the ETH price range is 2022.11 to 2037.82 USDT. The 15-minute K-line return is -0.62%, and the amplitude is 0.77%. Against the backdrop of elevated on-chain activity, market attention has increased, volatility has picked up, and this reflects stronger short-term risk-averse sentiment.
The main driver behind this unusual move is that large funds have continued flowing out of exchanges. Data shows that in the past 24 hours, ETH net outflows were as high as -11,970.54 coins, and in the $1M-$10M range, large net outflows were -5
GateNews6h ago
10x Research: Tether’s USDT issuance on Ethereum surpasses Tron—ETH could become the main beneficiary of stablecoin growth
10x Research noted that over the past five years, Ethereum (ETH) has performed lackluster, with its price trading around $2,000, mainly due to weak on-chain activity leading to insufficient demand. After falling 57% from its 2025 peak, ETH’s current valuation remains low, while capital accumulation is still ongoing; USDT’s issuance has surpassed Tron, sparking discussion that ETH could become a leading beneficiary of stablecoin growth. Analysts are now re-evaluating ETH’s potential turning point.
GateNews7h ago
