According to ChainCatcher, Unleash Protocol, an IPFi platform within the Story ecosystem, issued a statement saying that its smart contract experienced unauthorized activity, resulting in the withdrawal and transfer of user funds.
Preliminary investigations indicate that an external address gained administrative privileges through Unleash's multi-signature governance mechanism and executed an unauthorized contract upgrade, triggering an unauthorized asset withdrawal. Currently confirmed affected assets include WIP, USDC, WETH, stIP, and vIP. These assets were subsequently transferred to the external address via a third-party cross-chain infrastructure.
Unleash stated that the incident stemmed from its own governance and permission framework, and there is currently no evidence that Story Protocol contracts, validators, or underlying infrastructure have been affected. The impact appears to be limited to Unleash-related contracts and administrative permissions. All protocol operations have been suspended.
