Unleash Protocol disclosed on Tuesday that it suffered a loss of 1,337 ETH worth approximately $4 million. Peckshield and CertiK tracking show that hackers laundered funds through Tornado Cash, sending multiple 100 ETH transactions to mixing services. The attackers gained unauthorized control of the multi-signature governance system, possibly executing unapproved contract upgrades via social engineering to bypass checks and withdraw funds.
Tornado Cash Laundering Tracking Report
According to on-chain activity and reports from multiple security firms, hackers are attempting to launder money using the Tornado Cash protocol on Ethereum. Tornado Cash is a cryptocurrency mixing service that pools user funds to break the traceable link between source and destination, making it difficult for law enforcement to track the flow of funds.
Peckshield notes that the attacker appears to have sent many 100 ETH blocks to this popular crypto mixing service. This batch transfer strategy is typical of money laundering, as transferring large sums at once is more likely to trigger monitoring systems. Splitting the 1,337 ETH into 13 to 14 transactions of 100 ETH each, spaced out over time, reduces the risk of immediate detection.
CertiK has begun flagging suspicious Wrapped ETH and IP token withdrawals, which are sent to an external account seemingly set up with SafeProxyFactory. This technical detail reveals the attacker’s expertise; SafeProxyFactory is a contract factory used to deploy new multi-signature wallets in Gnosis Safe (now Safe). The hacker used this tool to create temporary wallets to receive stolen funds, demonstrating a deep understanding of the Ethereum ecosystem.
Affected assets include WIP, USDC, WETH, stIP, and vIP, most of which have been bridged to Ethereum and sent to Tornado Cash. The bridging process itself complicates tracking, as assets cross multiple contracts and addresses, diluting traceability with each transfer. Once in Tornado Cash, funds are mixed with other users’ deposits, forming a “black box,” making it impossible to link input and output funds.
It’s noteworthy that Tornado Cash has been sanctioned by the U.S. Treasury since 2022; using the service itself is illegal. However, sanctions have not fully halted its operation because Tornado Cash is a decentralized smart contract protocol that cannot be shut down like centralized services. The fact that hackers are willing to risk legal repercussions by using Tornado Cash indicates their awareness of tracking techniques.
How Multi-Signature Governance Systems Can Be Compromised
Earlier Tuesday, Unleash disclosed a security breach. The project has suspended operations and begun forensic analysis. The attack appears to have originated from a breach of the multi-signature mechanism. Unleash posted on X: “Our preliminary investigation indicates that an externally owned address gained control through Unleash’s multi-signature governance and performed an unauthorized contract upgrade.”
In other words, the attacker gained management control over Unleash Protocol’s governance system without authorization, possibly through social engineering phishing or other security vulnerabilities, enabling them to execute upgrades bypassing normal checks and extract user funds. Such attack patterns are not uncommon in DeFi, but successfully breaching multi-signature mechanisms raises serious concerns.
Multi-signature wallets are a common asset protection mechanism in DeFi protocols. They require multiple private keys to sign transactions, theoretically preventing a single compromised key from stealing funds. However, this attack shows that multi-signature systems are not foolproof.
Three Possible Failures of Multi-Signature Mechanisms
Social Engineering Attacks: Hackers trick multiple signers via phishing emails or fake messages to leak private keys
Insider Malfeasance: Internal personnel holding multi-signature keys collude or are bribed to cooperate with hackers
Contract Exploits: Vulnerabilities in the multi-signature contract code itself allow attackers to bypass signing requirements
Unleash’s statement emphasizes that the “externally owned address” gained control, implying this may not be an insider threat but an external attacker who obtained sufficient signing authority through technical or social engineering means. The unauthorized upgrade allowed asset extraction outside of Unleash’s governance and operational procedures, indicating the attacker had full administrative control.
Story Protocol Ecosystem Security Warning
Unleash states: “This incident stems from the governance and permission framework of the Unleash protocol,” adding that “the impact appears limited to specific Unleash contracts and management controls,” and “there is no evidence that the Story Protocol contracts, validators, or underlying infrastructure have been compromised.” This statement aims to confine the damage scope to Unleash itself, avoiding broader implications for the entire Story Protocol ecosystem.
Unleash is one of many prominent applications built on Story Protocol. Story Protocol is a relatively new Layer 1 protocol focused on tokenizing intellectual property rights. The project’s backer, PIP Labs, has raised $140 million from top-tier investors. If this laundering incident raises concerns about the security of the Story Protocol ecosystem, it could impact other applications built on the protocol and the overall valuation.
The Unleash team has warned users not to interact with the protocol and promised to share updates once reliable information is available regarding the attack and potential remedies. Pausing protocol operations is a standard response to prevent further exploitation, but it also temporarily restricts legitimate users from accessing their assets.
From a broader perspective, this laundering event exposes the governance risks inherent in DeFi protocols. While multi-signature mechanisms are safer than single signatures, they still rely on human operation, which is the most vulnerable link. As DeFi’s locked value continues to grow, attacks targeting governance systems may become more frequent and sophisticated.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
ETH 15-minute surge 0.89%: Large whale withdrawals and liquidity tightening drive the rally
2026-03-23 13:30 to 2026-03-23 13:45 (UTC), ETH price rose 0.89% within 15 minutes, with a fluctuation range of 2143.4 to 2177.43 USDT and an amplitude of 1.58%. Market trading activity during this period was significantly higher than surrounding cycles, with concentrated short-term buy orders driving up market sentiment and notable increased volatility.
The main driver of this price movement was whale large withdrawals and rapid outflow of on-chain funds from exchanges: ETH net outflow from exchanges reached 828,440.11 coins within 24 hours, accompanied by single transactions exceeding 7.
GateNews25m ago
OnlyFans Founder Leonid Radvinsky Dies of Cancer at 43
Gate News report: On March 23, Bloomberg reported that Leonid Radvinsky, founder of OnlyFans, passed away from cancer at the age of 43. According to financial disclosure information from OnlyFans' parent company, the company had previously invested part of its operating funds in ETH, with a purchase cost of $19.889 million.
GateNews1h ago
BitMine increased holdings by 65,000 ETH last week, with total positions reaching 4.66 million ETH
BitMine increased its holdings by 65,341 ETH last week, bringing the total to 4,660,903 ETH, which accounts for 3.86% of the total Ethereum supply. Of these, 3.143 million ETH have been staked, and its asset reserves are valued at approximately $11 billion.
GateNews1h ago
ETH up 0.95% in 15 minutes: Whale transfers and short liquidations resonate to push prices higher
Between 2026-03-23 12:30 and 12:45 (UTC), ETH recorded a +0.95% return rate, with a price range of 2120.7–2147.02 USDT and a volatility amplitude of 1.24%. During this period, market attention increased significantly, with intensified capital flows and volatility, and increased short-term trading activity.
The primary drivers of this price movement were large on-chain transfers and position structure adjustments in the derivatives market. Whales collectively transferred 30,354 ETH into new wallets, causing changes to market liquidity structure, which drove spot trading and expected volatility upward. Meanwhile, perpetual futures funding
GateNews1h ago
Boyaa Interactive Doubles Down on Bitcoin and Ethereum With $70 Million Expansion Plan
Boyaa Interactive is investing $70 million in crypto assets, viewing Bitcoin and Ethereum as long-term reserves despite market volatility. This move aligns with its shift towards blockchain and Web3, although it carries risks associated with regulatory changes and price fluctuations.
CryptometerIo1h ago
