Unleash Protocol, an intellectual property financing platform built on the Story ecosystem, lost around $3.9 million in a security breach, according to blockchain security company PeckShield.
The attacker tied the stolen assets to Ethereum and deposited 1,337.1 ether. in Tornado Cash, a cryptocurrency mixing service commonly used to hide transaction histories, according to PeckShield.
Unleash had previously reported the breach, without giving a figure for the amount.
“Today, we detected unauthorized activity involving Unleash Protocol smart contracts, which led to the withdrawal and transfer of funds from users,” the platform said in a post on
Affected assets include WIP, USDC, WETH, stIP, and viIP, depending on the protocol. After withdrawals, funds were connected using third-party infrastructure and transferred to external addresses.
Platforms like Unleash aim to bring intellectual property rights, such as media, brands, and creative works, into the chain, allowing them to be tokenized, licensed, or used as financial primitives within decentralized applications.
Both Unleash and on-chain analytics firm LookonChain said the exploit appeared to come from a governance flaw in Unleash, rather than a vulnerability in Story Protocol itself.
Unleash said it has paused all operations while the investigation continues and is working with independent security experts and forensic investigators to determine the root cause. Users have been advised not to interact with Unleash Protocol contracts until further notice and to follow official channels for updates.
