A hacker behind the recent Unleash Protocol breach has begun attempting to launder stolen funds, moving roughly 1,337 ether—worth close to $4 million—through the Tornado Cash mixing service on Ethereum, according to onchain data and multiple blockchain security firms.
The activity follows Unleash’s disclosure earlier this week of a security incident that resulted in approximately $3.9 million in losses. In response, the project paused its operations and launched a forensic investigation to determine how the attack unfolded.
Unleash said its early findings point to a compromise within its governance system. In a public statement, the team explained that an externally owned wallet gained unauthorized administrative control through the protocol’s multisig setup. That access was then used to carry out an unapproved contract upgrade, enabling asset withdrawals that bypassed established governance safeguards.
Security analysts believe the attacker may have relied on social engineering tactics, such as phishing, or another form of credential compromise to gain control. Once administrative permissions were obtained, the attacker was able to drain funds without triggering normal internal checks.
The stolen assets included Wrapped ETH, USDC, and several protocol-specific tokens, including WIP, stIP, and vIP. Most of these funds were later bridged to Ethereum and routed through Tornado Cash in an apparent effort to obscure transaction histories and complicate recovery efforts. Blockchain security firm PeckShield reported that the attacker split the funds into multiple transfers of roughly 100 ETH each, a common tactic used to reduce traceability. CertiK also flagged suspicious withdrawals tied to an externally owned account created using the SafeProxyFactory.
#PeckShieldAlert @UnleashProtocol on @StoryProtocol reported an unauthorized drain, resulting in a ~$3.9M loss.
— PeckShieldAlert (@PeckShieldAlert) December 30, 2025
The exploiter then bridged the stolen funds to #Ethereum and deposited them (1,337.1 $ETH) into Tornado Cash. https://t.co/KHVBm0DWBr pic.twitter.com/Lc8qMzkJGV
Unleash emphasized that the breach was limited in scope. According to the team, the incident affected only Unleash-specific contracts and administrative controls. There is currently no evidence that Story Protocol—the underlying Layer 1 blockchain on which Unleash is built—was compromised, nor were its validators or core infrastructure impacted.
Unleash is one of the more visible applications operating within the Story Protocol ecosystem, which focuses on tokenized intellectual property use cases. Story Protocol’s developer, PIP Labs, has raised a reported $140 million in funding, highlighting the broader interest in the network despite the setback.
For now, Unleash has urged users not to interact with the protocol while the investigation continues. The team said it will provide updates on the breach and any remediation plans once more verified information becomes available.
