Unleash Protocol Suffers Breach, Unauthorized Withdrawal Detected

TLDR

  • Unleash Protocol detected unauthorized activity, leading to the withdrawal of user funds.
  • The breach originated from unauthorized control of Unleash’s multisig governance system.
  • Affected assets include WIP, USDC, WETH, stIP, and vIP, transferred using third-party infrastructure.
  • Unleash Protocol paused all operations and is reviewing multisig activity and governance processes.
  • The investigation is ongoing, and users are urged to refrain from interacting with contracts until further notice.

Unleash Protocol, a decentralized finance (DeFi) platform built on the Story Protocol ecosystem to facilitate Intellectual Property Finance (IPFi), has suffered a breach. The platform detected unauthorized activity involving its smart contracts, resulting in the withdrawal and transfer of user funds. The breach stemmed from an externally owned address gaining unauthorized control of Unleash’s multisig governance and initiating an unauthorized contract upgrade.

Unauthorized Activity Originates from Governance Framework

According to a notice the Unleash Protocol team shared on X, “the breach occurred through its multisig governance system, which allowed an unauthorized contract upgrade.” This upgrade enabled withdrawals of funds that the Unleash team had not approved. The assets affected in this breach include WIP, USDC, WETH, stIP, and vIP. The withdrawn assets were then bridged using third-party infrastructure and transferred to external addresses.

At this stage, the investigation shows no evidence of compromise within Story Protocol’s contracts, validators, or underlying infrastructure. The breach appears to be limited to Unleash Protocol-specific contracts and administrative controls. The team is currently investigating further, with a focus on determining how the external address gained control of the multisig governance system.

Actions Taken by Unleash Protocol and Next Steps for Users

In response to the breach, the Unleash Protocol team stated, “Unleash Protocol has paused all operations immediately to prevent further risks.” The team is working closely with independent security experts and forensic investigators to understand the root cause. The protocol is also conducting a comprehensive review of multisig signer activity, key management practices, and governance processes to ensure no further vulnerabilities exist.

The Unleash team is preserving all relevant on-chain data and coordinating with ecosystem partners and infrastructure providers. The team is considering remediation and recovery actions, which will be communicated once validated. They have urged users to refrain from interacting with the protocol’s contracts until further notice and to follow official communication channels for updates.

The investigation into the breach remains ongoing, with the Unleash team prioritizing transparency and responsible communication. “The breach’s full impact is still being assessed, and all necessary steps will be taken to recover from the incident,” said the team. Users are advised to stay updated through official channels as the team works to resolve the situation and share further instructions once the next steps are confirmed.

The post Unleash Protocol Suffers Breach, Unauthorized Withdrawal Detected appeared first on Blockonomi.

Source: https://blockonomi.com/unleash-protocol-suffers-breach-unauthorized-withdrawal-detected/