Unleash hacker begins laundering $4 million in ETH through Tornado Cash
A hacker is attempting to use the Tornado Cash protocol on Ethereum to launder some 1,337 ETH, worth nearly $4 million, drained from the Unleash Protocol, according to onchain movements and multiple security firms.

Earlier on Tuesday, Unleash disclosed a security breach that resulted in about $3.9 million in losses. The project has since paused operations and begun a forensic analysis of the attack, which appears to stem from a compromised multisig.

“Our initial investigation indicates that an externally owned address gained administrative control via Unleash’s multisig governance and carried out an unauthorized contract upgrade,” Unleash wrote on X. “This upgrade enabled asset withdrawals that were not approved by the Unleash team and occurred outside our intended governance and operational procedures.”

In other words, an attacker gained unauthorized administrative control over Unleash Protocol's governance system, potentially through a socially engineered phishing scheme or another security compromise, enabling them to execute an upgrade that bypassed normal checks to withdraw user funds from the protocol.

The affected assets include WIP (Wrapped IP), USDC, WETH, stIP, and vIP, most of which have since been bridged to Ethereum and sent to Tornado Cash in an attempt to obscure an audit trail and complicate asset recovery.

Peckshield noted the attacker appears to have sent many 100 ETH chunks to the popular crypto mixing service.

CertiK began flagging suspicious withdrawals of Wrapped ETH and IP tokens that were sent to an externally owned account that appears to have been set up using the SafeProxyFactory.

“The incident originated within Unleash Protocol’s governance and permission framework,” Unleash said, adding, “The impact appears limited to Unleash-specific contracts and administrative controls” and that “there is no evidence of compromise to Story Protocol contracts, validators, or underlying infrastructure.”

Unleash is one of the more prominent applications built on the Story Protocol, a relatively new Layer 1 focused on tokenized intellectual property use cases. PIP Labs, which is behind Story, has raised $140 million in total funding.

The Unleash team has cautioned users against interacting with the protocol and said it will share updates about the attack and potential remediation "as soon as reliable information becomes available." The Block reached out for comment but did not immediately receive a reply.

© 2025 The Block. All Rights Reserved.