Blockchain music streaming platform Audius loses $6 million to crypto hacking
Audius, a Web3 music streaming platform, became the latest victim of a cryptocurrency heist, revealing over the weekend that an attacker looted 18.6 million AUDIO tokens and sold them for 705 ETH.
As a decentralized platform, US-based Audius uses the Ethereum blockchain for its tokens.
Exploiting an undetected flaw in Audius’ governance smart contract, or the platform’s “community treasury,” the hacker delegated 10 trillion AUDIO tokens to himself in an attempt to pass a governance vote.
The hacker was able to transfer 18.6 million AUDIO tokens to a wallet they controlled, Audius said in a post-mortem report on the incident.
Audius, in a tweet on Sunday (July 24), said the problem has been found and fixes are underway, but the platform had to halt all smart contracts on Ethereum to prevent further damage.
As of Monday, all remaining funds and fixes have been deployed and all remaining smart contract components have been upgraded and resumed with the exception of stake and delegation functions, the company said in a recent update.
“The vulnerability was mitigated within a few hours of discovery, and work continues to investigate the storage changes made by the attacker and to ensure safe resumption of the remaining Audius smart contract systems,” Audius said.
Audius co-founder and CEO Roneil Rumburg confirmed the hack, saying the incident “was an exploit — not a proposal that was proposed or gone through any legitimate means.”
The platform appeared to have engaged Samczsun, a prominent crypto white hat hacker, to address the issue, according to a tweet thanking the hacker.
Samczsun is identified as a research partner and head of security at the venture capital firm Paradigm.
Almost a year ago, Samczsun managed to save SushiSwap and the Miso platform from a potential loss of as much as 109,000 ETH by patching a vulnerability.
SushiSwap is an Ethereum-based software that incentivizes a network of users to operate a platform where they can buy and sell crypto-assets.
Meanwhile, a number of crypto and blockchain security research firms released their own findings on the Audius hack, including CertiK and MistTrack. The latter said the hacker exchanged the 18.5 million AUDIO tokens via Uniswap, a cryptocurrency exchange that uses a decentralized network protocol, for just over $1 million in ETH.
At the time of writing, the price of the AUDIO token fell almost 9% to $0.31, the lowest in about two weeks.
The incident marks a setback for Audius as it came just days after the company launched a new service that allows artists and curators to monetize their content by letting listeners send tips.
Audius’ platform is more invested in the cryptographic side of things as opposed to mainstream streaming platforms like Spotify and Apple Music.
Rumburg told MBW in an interview over a year ago that Audius develops features based on suggestions from the token-holding community.
“Our firm is almost like a consulting shop from a business model perspective — we’re working on these features and hope that the community will continue to support the work we’re doing,” Rumburg said at the time.
Bank of America analysts said in a recent research report that Audius’ decentralized music streaming platform “shifts power, profits, control and governance from record labels and centralized DSPs to artists and fans.”
However, the bank warned that the platform’s usage growth has slowed since December 2021.
The startup, founded in 2018, counts a number of artists including Katy Perry, Jason Derulo and Steve Aoki among its backers, according to Crunchbase data.
Music Business Worldwide