The intellectual property finance platform Unleash Protocol, built on the Story ecosystem, suffered a security attack resulting in a 3.9 million dollar loss this December 30. According to security firm PeckShield, the incident was caused by a governance failure that allowed an attacker to take administrative control of the smart contracts. The stolen funds were subsequently sent to the cryptocurrency mixer Tornado Cash to hide their trail effectively.
The attacker managed to compromise the platform’s multi-signature (multisig) governance system, facilitating an unauthorized upgrade of the contracts. On the other hand, this maneuver allowed the withdrawal of various assets, including WIP, USDC, WETH, stIP, and vIP, to external addresses controlled by the criminal. Administrative control facilitated the illegal withdrawal of assets from the vaults. The security of the smart contracts was compromised by the attacker.
Once the funds were stolen, the perpetrator used third-party infrastructure to transfer the assets to the Ethereum network. Likewise, PeckShield reported that a total of 1,337.1 ETH was deposited into the mixing service Tornado Cash to hinder tracking efforts. In this way, the attacker attempted to erase the transaction history before authorities could intervene in the process. The use of Tornado Cash sought to hide the trail of the stolen funds. The assets were quickly moved to the Ethereum network after the robbery.
Administrative management vulnerability exposes significant risks in the Web3 sector
The Unleash Protocol platform confirmed the incident through its official channels and announced the immediate suspension of all its operations. On the other hand, both Unleash and the analytics firm LookonChain clarified that the exploit originated specifically from an internal governance failure rather than a vulnerability in the Story Protocol network itself. The team detected unauthorized activity in their contracts this morning. The investigation seeks to determine the root cause of access obtained by the hacker.
This type of attack highlights the risks associated with centralized or misconfigured governance systems in the decentralized finance environment. Additionally, Unleash Protocol is currently collaborating with independent security experts and forensic investigators to track the assets and strengthen its infrastructure. However, the reputational and financial damage poses a significant challenge for the project at the end of the year. Protocol operations have been fully paused as a precaution. Users are advised not to interact with contracts linked to the protocol.
Will on-chain intellectual property platforms be able to recover from these security breaches?
The incident at Unleash Protocol highlights the need for more rigorous audits in contract upgrade processes and multi-signature key management. Therefore, investor confidence in intellectual property tokenization protocols could be temporarily affected by this event. The security of user assets is the main priority for the team now. The sector expects corrective measures after this failure in administrative procedures.
In conclusion, the 3.9 million dollar theft marks a difficult year-end for the Story Protocol ecosystem. Likewise, the resolution of this case will depend on the effectiveness of forensic investigations and the possible recovery of funds through international cooperation. Therefore, users should stay informed through official channels for any updates on the status of their assets. Unleash Protocol faces a restructuring of its security measures. The impact on the digital intellectual property market is significant.
