Unleash Protocol reports unauthorized activity in the contract, resulting in the transfer of some users' funds

The IPFi platform in the Story ecosystem, Unleash Protocol, has announced that its smart contracts experienced unauthorized activity, resulting in the extraction and transfer of user funds.

Preliminary investigations indicate that an external address gained management permissions through Unleash's multi-signature governance mechanism and executed an unauthorized contract upgrade, triggering unapproved asset withdrawals. The affected assets currently confirmed include WIP, USDC, WETH, stIP, and vIP. The related assets were subsequently transferred to an external address via third-party cross-chain infrastructure.

Unleash stated that the incident originated from its own governance and permission framework, and there is no evidence to suggest that the contracts, validators, or underlying infrastructure of the Story Protocol were affected; the impact appears to be limited to Unleash-related contracts and management permissions. All protocol operations have been suspended.