Blockchain music streaming platform, Audius, gets hacked for $1.1 million

Hacks in the cryptocurrency space are becoming a frequent occurrence. The latest victim is Audius, a decentralized music streaming protocol, which reported that a hacker stole funds from the community’s treasury using a malicious governance vote, ultimately resulting in a robbery of 1.1 million dollars.

Audius is a decentralized music streaming protocol that allows artists to monetize their work using the governance and utility token AUDIO. The token can be used on Ethereum and Solana networks since it has cross-chain functionality on both chains.

Proposals in crypto help communities make consensus-based decisions. However, for the music platform, the adoption of a malicious governance proposal resulted in the transfer of tokens that ultimately helped the hacker steal the funds.

What you should know

  • According to security firm CertiK, the hacker modified certain configurations in the smart contract used by Audius’ control system. With the modified configurations in place, the perpetrator was able to become the “guardian” of the contract.
  • The hacker created and approved a governance proposal, proposal #85, which requested a transfer of 18 million AUDIO tokens, the native token of the platform, from the community treasury. According to on-chain data, the exploitation took place over the weekend.
  • While these stolen tokens had a market value of more than $6 million, the hacker, in an effort to sell the tokens as quickly as possible, was only able to sell them for 705 Ether ($1.1 million) as a result of large amounts of market slippage. According to blockchain data, the funds are still sitting in the hacker’s wallet address.
  • Audius said it had identified and fixed issues in its smart contract and has already released a post-mortem report, which explains all the technical details of how the hack was perpetrated.
  • The report concluded that “As mentioned, the vulnerability was mitigated within a few hours of discovery, and work continues to investigate the storage changes made by the attacker and to ensure safe resumption of the remaining Audius smart contract systems (Staking and DelegateManager).
  • The vast majority of the Audius Foundation, team, community (e.g. via staking) and other funds linked to the ecosystem are safe and were unaffected by this incident. We are working with the community on possible remedies for the loss of funds, and we are fortunate that many options are still available. These will be discussed over the coming weeks in Audius’ governance forum, Discord and other arenas before being proposed for Audius’ governance process.”

Initially, the smart contract was paused. However, the company resumed token transfers shortly after, adding that “Remaining smart contract functionality is paused after thorough investigation/reduction of the vulnerability.” Investors have recommended an immediate buyback to prevent existing investors from dumping and further lowering the token’s floor price.
