As discussions surrounding the CLARITY Act—often referred to as the crypto market structure bill—continue in Washington, Kristin Smith, President of the Solana Policy Institute, has provided insights on the current status of the legislation and the organization’s top priorities. 

Solana Policy Institute’s Optimism For CLARITY Act 

One of the main priorities disclosed by Smith in a recent post on social media platform X (formerly Twitter), is the importance of protecting open-source developers in the legislative landscape.

Smith pointed out that the recent delay in the markup of the market structure bill last week after Coinbase’s withdrawal should be seen as a temporary setback. “Despite the delay, industry engagement remains robust, and there is clear bipartisan support to achieve durable regulatory clarity for market structure,” she noted.

The Senate Agriculture Committee is making advancements with its own draft of the legislation expected to be released on Wednesday, as earlier reported by Bitcoinist.

Smith also highlighted a shared objective: to create a framework that protects consumers, fosters innovation, and provides certainty for developers operating in the United States. A central tenet of this goal is the safeguarding of developers, which Smith argued is crucial for the success of the industry.

Smith Advocates For Developer Protections

The Solana Institute was founded to ensure that policymakers gain a comprehensive understanding of public blockchains and the protocols that underpin them. 

Smith articulated the critical role that open-source software plays within the crypto ecosystem, noting that developers around the world collaborate to produce software that anyone can inspect, use, or improve. “Openness is a strength—not a liability,” she asserted.

However, she raised concerns regarding the case against Roman Storm of Tornado Cash, indicating that it treats open-source innovation as something questionable. Smith warned that penalizing developers merely for writing and publishing open-source code endangers all those involved in such collaborative efforts. 

She emphasized the “chilling effect” that the prosecution could have on open-source developers, asserting that writing code is an expressive act protected by the First Amendment.

Smith called for clear policy that differentiates between bad actors and developers working on lawful, general-purpose tools. To bolster this cause, she encouraged supporters to draft letters expressing their stance in favor of open-source protections.

Roman Storm responded to Smith’s support, thanking her and the broader community for advocating for open-source principles. He remarked, “Criminalizing the act of writing and publishing code threatens not just one developer, but the foundations of digital security, privacy, and innovation.” 

At the time of writing, Solana’s native token, SOL, was trading at $130.33, mirroring the performance of the broader crypto market, dropping 11% in the weekly time frame.   

Featured image from DALL-E, chart from TradingView.com

• An unauthorised contract upgrade enabled direct withdrawals from the protocol.
• Funds were bridged to Ethereum and laundered through Tornado Cash.
• Assets affected included WIP, USDC, WETH, stIP, and vIP.

A governance failure at Unleash Protocol has resulted in a major security breach, with attackers draining around $3.9 million in user funds.

The incident was first identified by blockchain security firm PeckShieldAlert and later confirmed by the Unleash team.

While the exploit did not affect the wider Story ecosystem, it has renewed attention on how governance mechanisms can become a critical point of failure in decentralised finance.

Unleash Protocol is a decentralised platform built on Story Protocol.

The project said the incident was limited to its own contracts and administrative controls, with no signs of compromise across Story Protocol’s validators or core infrastructure.

Even so, the event shows how vulnerabilities at the application level can still lead to significant losses.

Governance controls bypassed

On-chain analysis indicates the attacker targeted Unleash Protocol’s multi-signature governance system.

By exploiting weaknesses in how admin permissions were enforced, the attacker gained unauthorised access normally reserved for approved signers.

This access was then used to push through a contract upgrade that had not been sanctioned by the core team.

The unauthorised upgrade altered how the protocol handled withdrawals. With standard governance checks effectively bypassed, the attacker was able to move funds directly out of the protocol.

According to Unleash, these actions occurred outside its established governance framework and were not detected until after the funds had already been removed.

Laundering through bridges and mixers

After extracting the assets, the attacker bridged the funds to Ethereum. From there, the assets were broken into multiple transactions, a strategy often used to make tracking more difficult.

Blockchain data shows that 1,337.1 ETH was later deposited into Tornado Cash. The deposits were made in varying sizes, ranging from small transfers to batches of up to 100 ETH.

This pattern suggests a deliberate attempt to obscure transaction trails and reduce the effectiveness of on-chain monitoring tools.

Tokens impacted

In an official incident notice, Unleash Protocol confirmed that several assets were affected during the exploit.

These included WIP, USDC, WETH, stIP, and vIP.

The team reiterated that all affected withdrawals took place through the unauthorised contract upgrade rather than through normal user interactions.

The clarification that Story Protocol itself was not compromised is significant.

It indicates that the breach stemmed from Unleash’s internal governance design, not from flaws in the underlying blockchain or its validator set.

Emergency measures taken

Following confirmation of the breach, Unleash Protocol paused all platform operations to prevent further losses.

The team said it is working with independent security experts and forensic investigators to determine how the governance safeguards were bypassed and whether additional vulnerabilities remain.

Users have been advised to avoid interacting with Unleash Protocol contracts until further updates are issued.

The project has stated that future communications will be shared only through official channels as the investigation continues.

The post How a governance failure led to the Unleash Protocol hack appeared first on CoinJournal.