Unleash Protocol, an intellectual property (IP) platform built on the Story protocol, reported detecting unauthorized activity involving its smart contracts on Dec. 30.
The security exploit led to the withdrawal and transfer of user funds worth millions of dollars from the protocol.
What is Unleash Protocol?
Unleash Protocol is an IP operating system that leverages blockchain technology to streamline the registration, licensing, and trading of IP assets. Not only does this protocol offer a clear and immutable record of ownership, but it also ensures that transactions are secure and traceable.
IP assets on the protocol become more accessible to a broader range of investors and collaborators.
It is built on the Story Protocol, a layer-1 blockchain network that offers a transparent and decentralized solution for IP management.
Whether it’s an idea, a song, or a non-fungible token (NFT), Story Protocol tokenizes every kind of IP.
Exploit at Unleash Protocol
The following crypto assets were affected by the security incident at Unleash Protocol:
* WIP
* USDC
* WETH
* stIP
* vIP
The protocol’s initial investigation revealed that an externally owned address gained access to administrative control via multisig governance and executed an unauthorized contract upgrade.
The upgrade led to unapproved asset withdrawals. The stolen assets were bridged using third-party infrastructure and transferred to external addresses, Unleash Protocol informed.
The protocol said there is no evidence of compromise to Story Protocol contracts, validators, or underlying infrastructure, and the exploit’s impact remains limited to Unleash-specific contracts and administrative controls.
For now, all Unleash Protocol operations have been immediately stopped to avoid further risk. It said it is working closely with security experts, forensic investigators, etc. to find out what led to the attack.
The protocol said it is preserving relevant on-chain data and coordinating with ecosystem partners and infrastructure providers.
As per the on-chain security platform PeckShieldAlert, Unleash Protocol has lost approximately $3.9 million in the exploit.
The malicious actor bridged the stolen funds to Ethereum and routed 1,337.1 ETH to Tornado Cash, PeckShieldAlert added.
