Unleash Protocol falls into malicious trap: $3.9 million USD wiped out through management system manipulation

A sophisticated attack occurred on Unleash Protocol on Story Protocol today (30/12). The attackers used malicious tactics to manipulate the project's multi-signature governance system, thereby executing unauthorized smart contract upgrades.

### Urgent scale of damage

According to official reports, all user funds have been redirected, including:
- WIP tokens
- USDC stablecoins
- WETH (Wrapped Ether)
- stIP and vIP tokens

The total asset loss amounts to **$3.9 million USD**, transferred via blockchain to external wallet addresses controlled by the attackers.

### Attack mechanism and response

The main vulnerability lies in the governance approval process. The attackers exploited loopholes in the multi-signature mechanism to gain upgrade rights to the contract, a privilege usually tightly protected.

Unleash Protocol responded quickly:
- Paused all project activities
- Initiated a comprehensive investigation and audit
- Warned users not to interact with their contracts

Notably, Story Protocol (mother platform) was not directly affected by this incident, limiting the scope of impact to applications built on the ecosystem.