A malicious actor siphoned $6 million from music platform Audius through the platform’s decentralized governance system.
The hacker created a malicious proposal requesting the transfer of 18 million AUDIO tokens from the community treasury, an action supposedly approved by the Audius community. He assigned himself as the sole guardian of the contract by calling the smart contract function “initialize(),” according to Twitter user @spreekaway.
Audius initially paused smart contracts and AUDIO tokens to prevent further loss of funds from the community treasury, resuming smart contract functionality soon after. Funds in the community treasury and the foundation treasury are both safe.
The company said it would likely release a full post-mortem tomorrow.
Hacker causes slippage in AUDIO price
After stealing 18 million tokens for $6 million, the hacker sold them for $1.08 million on decentralized exchange Uniswap, causing a slippage in the AUDIO token price. Slippage is the difference between the expected price of a token and the price when the order executes and can be expressed as a percentage or a dollar amount. One investor suggested a buyback to prevent a selloff that would drive the price down further. Another investor gave Audius an ultimatum: recover, else they are out.
An initial investigation by blockchain security company Peckshield pointed to an inconsistent storage layout as the root cause of the problem, which Audius had fixed by press time. The exploit is no longer possible.
Audius cutting out labels
Audius was founded to connect music artists to fans without an intermediary like a label. Initially designed to be a blockchain version of SoundCloud, Audius is where artists can produce immutable tracks that fans can listen to free of charge. Artists have freedom with how they monetize their work and receive 90% of revenue. The remaining 10% is distributed to node operators.
Audius recently launched a service enabling holders of the AUDIO governance token to tip their favorite artists on the platform, allowing the artists to react with emojis. The AUDIO token is an ERC-20 token that lives on Ethereum but has a bridge to Solana to improve transaction speed and lower costs.
It is also one of the first streaming platforms to partner with short-form video-hosting service TikTok, allowing users of the platform to incorporate Audius content into their videos.
Audius came under criticism for hosting copyrighted content on its platform that it couldn’t remove.
At press time, AUDIO had recovered to $0.34.
What do you think about this subject? Write to us and tell us!
BeInCrypto has reached out to company or individual involved in the story to get an official statement about the recent developments, but it has yet to hear back.