Unleash Protocol hit by $3.9 million exploit with funds routed through Tornado Cash

• Unleash Protocol lost about $3.9 million in a security breach, according to blockchain security firm PeckShield.
• The breach is attributed to a governance failure at Unleash, leading to unauthorized control and asset withdrawal.
• The attacker used Tornado Cash to obscure the transaction history after transferring the stolen assets to Ethereum.

Unleash Protocol, an intellectual property finance platform built on the Story ecosystem, lost about $3.9 million in a security breach, according to blockchain security firm PeckShield.

The attacker bridged the stolen assets to Ethereum and deposited 1,337.1 ether ETH$2,969.20 into Tornado Cash, a crypto mixing service commonly used to obscure transaction histories, according to PeckShield.

Unleash had reported the breach earlier, without putting a figure on the amount.

"Earlier today, we detected unauthorized activity involving Unleash Protocol smart contracts, which led to the withdrawal and transfer of user funds," the platform said in a post on X. "Our initial investigation indicates that an externally owned address gained administrative control through Unleash’s multisignature governance system, enabling an unauthorized contract upgrade that allowed asset withdrawals outside approved governance procedures."

Assets affected include WIP, USDC, WETH, stIP and vIP, the protocol said. After the withdrawals, the funds were bridged using third-party infrastructure and transferred to external addresses.

Platforms like Unleash aim to bring intellectual property rights, such as media, brands and creative works, on-chain, enabling them to be tokenized, licensed or used as financial primitives within decentralized applications.

Both Unleash and onchain analytics firm LookonChain said the exploit appeared to stem from a governance failure at Unleash, rather than a vulnerability in Story Protocol itself.

Unleash said it paused all operations while the investigation continues and is working with independent security experts and forensic investigators to determine the root cause. Users have been advised not to interact with Unleash Protocol contracts until further notice and to follow official channels for updates.

2025 was defined by a stark divergence: structural progress collided with stagnant price action. Institutional milestones were reached and TVL increased across most major ecosystems, yet the majority of large-cap Layer-1 tokens finished the year with negative or flat returns.

This report analyzes the structural decoupling between network usage and token performance. We examine 10 major blockchain ecosystems, exploring protocol versus application revenues, key ecosystem narratives, mechanics driving institutional adoption, and the trends to watch as we head into 2026.

• Prenetics has halted its bitcoin purchasing strategy due to a prolonged downturn in the cryptocurrency market.
• The company will focus its resources on its IM8 business, which has generated over $100 million in annualized recurring revenue.
• Prenetics will retain its existing 510 bitcoin as a reserve asset, valued at nearly $45 million.

Disclosure & Polices: CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of Bullish (NYSE:BLSH), an institutionally focused global digital asset platform that provides market infrastructure and information services. Bullish owns and invests in digital asset businesses and digital assets and CoinDesk employees, including journalists, may receive Bullish equity-based compensation.