Hacking in the cryptocurrency space is becoming a frequent occurrence. The latest victim is the decentralized music streaming protocol Audius, which reported that a hacker stole funds from its community treasury using a malicious governance vote, a heist that ultimately netted $1.1 million.
Audius is a decentralized music streaming protocol that allows artists to monetize their work using its governance and utility token, AUDIO. Because the token is cross-chain, it can be used on both the Ethereum and Solana networks.
Governance proposals in crypto help communities make consensus-based decisions. For the music platform, however, the passing of a malicious governance proposal triggered the transfer of tokens that allowed the hacker to steal the funds.
What you should know
- According to security firm CertiK, the hacker successfully modified certain configurations in the smart contract used by Audius’s governance system. As a result of the modified configurations, the perpetrator was able to become the “guardian” of the contract, according to the security firm.
- The hacker created and approved a governance proposal, Proposal #85, which requested a transfer of 18 million AUDIO tokens, the native token of the platform, from the community treasury. According to on-chain data, the exploit took place over the weekend.
- While the stolen tokens had a market value of more than $6 million, the hacker could only sell them for 705 ether ($1.1 million) because of the heavy market slippage incurred while trying to sell the tokens as quickly as possible. According to blockchain data, the stolen funds still sit in the hacker’s wallet address.
- Audius said that it had identified and fixed the issues in its smart contract and has already released a post-mortem report, which explains the technical details of how the hack was perpetrated.
- The report concluded by stating, “As noted, the vulnerability was mitigated within a few hours of discovery, and work is continuing to examine the storage modifications made by the attacker and to ensure safe resumption of the remaining Audius smart contract systems (Staking and DelegateManager).
- “The vast majority of Audius foundation, team, community (e.g. via staking) and other funds associated with the ecosystem are safe and were unaffected by this incident. Work is in progress in collaboration with the community on possible remediations for the loss of funds, and we are fortunate that many options are still available. These will be discussed over coming weeks in the Audius governance forum, Discord, and other venues before being proposed to the Audius governance process.”
Initially, the smart contract was paused, but the company resumed token transfers shortly afterwards, adding that the “Remaining smart contract functionality is being unpaused after thorough examination/mitigation of the vulnerability.” Investors have recommended an immediate buyback to prevent existing investors from dumping the token and further lowering its floor price.