Crypto hacks have become quite frequent in the last year with platforms such as Poly Network, Crypto.com, BitMart, and others losing cryptocurrencies worth millions of dollars. The latest crypto heist is an attack on blockchain music streaming platform Audius.
Audius announced that a malicious governance proposal tagged Proposal #85 which requested the transfer of 18 million AUDIO tokens (its platform’s token) worth $6.1 million from its community treasury got approved via an exploit.
Hello everyone – our team is aware of reports of an unauthorized transfer of AUDIO tokens from the community treasury. We are actively investigating and will report back as soon as we know more.
If you'd like to help our response team, please reach out.
The approval which came on Sunday was first noticed by a Twitter account with the handle Spreekaway. The hacker(s) created the malicious proposal and was able to initialize and make himself the sole guardian of the governance contract.
Audius is a decentralized music streaming protocol that enables artists to monetize their talents using its governance and utility token called AUDIO. The AUDIO token can be used on both Ethereum and Solana’s networks thanks to the cross-chain capabilities it possesses. While proposals in the crypto space help communities make consensual decisions, the passing of a malicious governance proposal made Audius lose $6.1 million worth of AUDIO tokens which the hacker sold for $1.1 million.
“This was an exploit. Not a proposal proposed or passed through any legitimate means. It just happened to use the governance system as the entry point for the attack,” Audius co-founder and CEO Roneil Rumburg said emphasizing that the community did not pass a malicious proposal.
Audius said that its investigations revealed the unauthorized transfer of AUDIO tokens from the company’s treasury. The platform paused all of its smart contracts and AUDIO tokens on the Ethereum blockchain to avoid further losses.
It has since resumed token transfers adding that the “Remaining smart contract functionality is being unpaused after thorough examination/mitigation of the vulnerability.”
According to Peckshield, the hack was a result of Audius’ storage layout inconsistencies. Although the hacker stole 18 million tokens worth $6.1 million, it was soon sold for $1.1 million. While this dumping resulted in maximum slippage, investors recommended an immediate buyback to prevent existing investors from dumping and further lowering the token’s floor price.
The issue of @AudiusProject lies in inconsistent storage layout between its proxy and impl. In particular, the collision of Audius Community Treasury contract results in an equivalence of disabling the initializer modifier. The proxyAdmin addr (0x..abac) plays a role here. pic.twitter.com/x4CqRncahp
Ibhadojemu Lucky Emmanuel is a graduate of Education and Economics from the University of Benin. He has a passion for tech and business and has been writing professionally for over a period of five years. He's written across various topics and segments and knew tech-business was it when he first stumbled on it. He has a great passion for music and arts, and wants to visit as many countries as he can someday.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behaviour or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
