Unleash Protocol hackers move stolen funds through Tornado Cash

  • Hackers exfiltrated 1,337 ETH through compromised Unleash multisig governance.
  • The stolen funds have been routed through Tornado Cash to cover the traces of the transactions.
  • The breach is limited to Unleash, and Story Protocol’s infrastructure is not affected.

Hackers who recently exploited the Unleash Protocol have begun laundering stolen funds through the Ethereum-based privacy service Tornado Cash, according to on-chain data and blockchain security firms.

The attackers are trying to cover the trail of roughly 1,337 ETH, worth roughly $4 million, that was drained from Unleash earlier this week.

Security firms PeckShield and CertiK reported that the funds were transferred to Ethereum and split into several batches, typically around 100 ETH each, before being deposited into Tornado Cash, a well-known cryptocurrency mixing protocol.

Governance takeover led to Unleash exploit

Unleash acknowledged on Tuesday that it had suffered a major security breach, resulting in losses of roughly $3.9 million.

The protocol suspended operations and started a forensic investigation into the incident.

According to Unleash, preliminary findings indicate that an externally owned wallet gained unauthorized administrative control over the protocol through its multi-signature (multisig) governance system.

The attackers were then able to perform fraudulent contract upgrades and withdraw user funds without proper authorization.

“This upgrade enabled asset withdrawals that weren’t approved by the Unleash team and occurred outside of our intended governance and operational procedures,” the team said in a statement published on X.

Security analysts have suggested that the breach may have been the result of phishing or another form of social engineering that allowed the attackers to gain control of governance keys, effectively bypassing standard safeguards.

Stolen assets bridged and commingled

The stolen assets reportedly included Wrapped IP (WIP), USDC, Wrapped Ether (WETH), stIP, and vIP tokens.

On-chain analysis shows that most of these assets were first bridged to Ethereum, then consolidated into ETH and routed through Tornado Cash, an approach commonly used by hackers to thwart tracking and recovery efforts.

CertiK said it first detected suspicious withdrawals of WETH and IP-related tokens sent to externally owned addresses created using Safe’s SafeProxyFactory, a popular smart contract framework for multisig wallets.

Unleash says there will be no impact on the broader ecosystem

Unleash stressed that the breach was limited to its own governance and administration contracts.

The Unleash team said there is currently no evidence that Story Protocol, the layer 1 blockchain on which Unleash is built, has been compromised.

“The impact appears to be limited to Unleash-specific contracts and administrative controls,” the Unleash team said, adding that Story Protocol validators, core infrastructure, and contracts remain unaffected.

Unleash is one of the most high-profile applications within the Story Protocol ecosystem focused on tokenized intellectual property and on-chain IP management.

PIP Labs, the company behind Story Protocol, has raised roughly $140 million in funding from prominent investors.

Warning users as investigation continues

The Unleash team is asking users not to interact with the protocol while the investigation is ongoing, and said it will provide updates on the incident and potential remediation measures as more verified information becomes available.

As of this writing, Unleash has not disclosed whether it plans to undertake any fund recovery efforts or compensate affected users, and the hackers’ use of Tornado Cash may significantly complicate efforts to trace or recover stolen assets.