A malicious actor stole $6 million from music platform Audius through the platform’s decentralized governance system.
Hackers created a malicious proposal to transfer 18 million AUDIO tokens from the community treasury, an action purportedly approved by the Audius community. According to Twitter user @spreekaway, he designated himself as the sole guardian of the contract by calling the smart contract function “initialize()”.
Audius initially suspended smart contracts and AUDIO tokens to prevent further loss of funds in the community coffers, and resumed smart contract functionality shortly thereafter. Funds in both the community treasury and the foundation treasury are safe.
The company said a full autopsy report could be released tomorrow.
Hackers cause audio prices to slide
After stealing 18 million tokens for $6 million, the hacker sold it for $1.08 million on the decentralized exchange Uniswap, causing the AUDIO token price to slide. Slippage is the difference between the expected price of a token and the price when the order is executed, and can be expressed as a percentage or dollar amount. One investor suggested buybacks to prevent the sell-off from causing prices to fall further. Another investor gave Audius an ultimatum: recover, or they’re out.
An initial investigation by blockchain security firm Peckshield pointed to an inconsistent storage layout as the root cause of the issue, which Audius has fixed at press time. Exploitation is no longer possible.
Audius cut out labels
Audius was founded to connect music artists with fans without intermediaries like labels. Originally designed as a blockchain version of SoundCloud, Audius is a place where artists can make immutable tracks and fans can listen to them for free. Artists are free to monetize their work and receive 90% of the income. The remaining 10% is allocated to node operators.
Audius recently launched a service that enables holders of AUDIO governance tokens to tip their favorite artists on the platform, allowing artists to react to emojis. The AUDIO token is an ERC-20 token that lives on Ethereum but has a bridge to Solana that increases transaction speed and reduces costs.
It’s also one of the first streaming platforms to partner with short-video hosting service TikTok, allowing the platform’s users to integrate Audius content into their videos.
Audius has been criticized for hosting copyrighted content on its platform that cannot be removed.
At press time, AUDIO has recovered to $0.34.
What do you think about this topic? Write to tell us!
All information contained on our website is published in good faith and for general information purposes only. Any action that readers take with respect to the information on our site is entirely at their own risk.