Unleash Protocol, a platform for financing intellectual property within the Story ecosystem, suffered a loss of approximately $3.9 million due to a security incident, as reported by the blockchain security firm PeckShield.
The hacker transferred the stolen assets to Ethereum, converting 1,337.1 ether into Tornado Cash, a service used to anonymize crypto transactions, according to PeckShield.
Unleash previously reported the breach but did not disclose the financial impact.
“Today, we identified unauthorized activity related to Unleash Protocol smart contracts that resulted in the withdrawal and transfer of user funds,” the platform stated in a post on X. “Our initial findings suggest that an external address gained control through Unleash’s multisignature governance, permitting an unauthorized contract upgrade that facilitated asset withdrawals outside sanctioned governance protocols.”
The affected assets included WIP, USDC, WETH, stIP, and vIP, the protocol confirmed. Following the withdrawals, the funds were moved using third-party infrastructure to external addresses.
Platforms such as Unleash seek to digitize intellectual property rights, including media, brands, and creative works, allowing them to be tokenized, licensed, or utilized as financial assets within decentralized applications.
Both Unleash and the onchain analytics company LookonChain indicated that the hack appeared to result from a governance malfunction at Unleash, and not from a flaw in the Story Protocol itself.
Unleash has paused all operations while the investigation is ongoing and is collaborating with independent security specialists and forensic experts to ascertain the cause. Users are advised to refrain from interacting with Unleash Protocol contracts until further updates are provided via official channels.
