User redefined approveTransfer via prompt injection.
Onleash
Agents unleashed. Wallets on leash.
Token-2022 transfer hook for AI agent wallets. Spending policy enforced at the mint layer, not in middleware. A jailbroken agent can sign anything — the chain refuses to clear it.
the problem
AI agents have wallets. They're getting drained.
Pipeline injection via operator dashboard.
Memory injection, real ETH drained on mainnet.
9 of 428 routers silently replaced recipients.
how it works
Policy lives in the token, not the wallet.
Solana's Token-2022 transfer-hook extension lets a mint specify a program that runs on every transfer. Onleash is that program. Three checks; any failure reverts the entire atomic transaction.
Up to 8 approved destination token accounts per mint. Anything else, the chain rejects.
Hard ceiling on a single transfer amount. No oversized exfiltration.
Cumulative limit per rolling window. Self-resets after 24h on the next transfer.
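The three checks described above, as an added off-chain Rust model; it is not Onleash's on-chain program. The type, field and error names are assumptions made for this illustration, as is the reading that the window restarts at the first transfer arriving 24h or more after the previous window began.

```rust
// Off-chain model of the three checks. Not Onleash's program: struct, field
// and error names are assumptions made for this illustration.
const MAX_ALLOWLIST: usize = 8;        // "up to 8 approved destination token accounts"
const WINDOW_SECS: i64 = 24 * 60 * 60; // "self-resets after 24h"

#[derive(Debug, PartialEq)]
pub enum Deny { DestinationNotAllowed, OverPerTxMax, OverDailyCap }

pub struct Policy {
    pub allowlist: Vec<[u8; 32]>, // destination token account addresses
    pub per_tx_max: u64,          // base units
    pub daily_cap: u64,           // base units per window
    pub window_start: i64,        // unix seconds
    pub spent: u64,               // base units spent in the current window
}

impl Policy {
    pub fn new(allowlist: Vec<[u8; 32]>, per_tx_max: u64, daily_cap: u64, now: i64) -> Option<Self> {
        if allowlist.len() > MAX_ALLOWLIST { return None; }
        Some(Self { allowlist, per_tx_max, daily_cap, window_start: now, spent: 0 })
    }

    /// Records the spend and returns Ok, or returns the reason the transfer must fail.
    /// State is written only after every check has passed, mirroring a revert.
    pub fn check_transfer(&mut self, dest: &[u8; 32], amount: u64, now: i64) -> Result<(), Deny> {
        if !self.allowlist.contains(dest) { return Err(Deny::DestinationNotAllowed); }
        if amount > self.per_tx_max { return Err(Deny::OverPerTxMax); }
        // Lazy reset: the window rolls over only when a transfer arrives after 24h.
        let expired = now.saturating_sub(self.window_start) >= WINDOW_SECS;
        let base = if expired { 0 } else { self.spent };
        // checked_add: an overflow counts as over the cap and never wraps to a small total.
        let total = base.checked_add(amount).ok_or(Deny::OverDailyCap)?;
        if total > self.daily_cap { return Err(Deny::OverDailyCap); }
        if expired { self.window_start = now; }
        self.spent = total;
        Ok(())
    }
}

fn main() {
    let pool = [1u8; 32];     // constructed address of an approved destination
    let unlisted = [9u8; 32]; // constructed address that is not on the allowlist
    let mut p = Policy::new(vec![pool], 10_000_000, 50_000_000, 0).unwrap();
    println!("{:?}", p.check_transfer(&unlisted, 1, 10));      // Err(DestinationNotAllowed)
    println!("{:?}", p.check_transfer(&pool, 10_000_001, 10)); // Err(OverPerTxMax)
    println!("{:?}", p.check_transfer(&pool, 10_000_000, 10)); // Ok(())
}
```

The limits in `main` match the integration snippet on this page: 10 and 50 tokens at 6 decimals.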
integration · 5 lines
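// pnpm add @onleash/sdk
import { OnleashClient } from "@onleash/sdk";

// `connection`, `wallet` and `approvedPoolATA` are supplied by the caller.
const client = new OnleashClient(connection, wallet);
await client.deployProtectedMint({
  decimals: 6,
  perTxMax: 10n * 1_000_000n,   // 10 tokens in base units (6 decimals)
  dailyCap: 50n * 1_000_000n,   // 50 tokens per window
  allowlist: [approvedPoolATA], // approved destination token accounts
});
on-chain · devnet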