THE DAILY ENCRYPT

[date-today format='F j, Y']

Hacker Sets of with Over $1 Million After Breaking into Audius With Malware

An exploit was used to approve a malicious governance proposal (Proposal #85), which requested the transfer of 18,000,000 Audius' in-house Audio tokens valued at $6.1 million....
flat screen computer monitor displaying white and black screen
Photo by Mika Baumeister

An exploit was used to approve a malicious governance proposal (Proposal #85), which requested the transfer of 18,000,000 Audius’ in-house Audio tokens valued at $6.1 million.

Cryptocurrency proposals help communities reach consensus-based decisions. For decentralized music platform Auduis however, the passing a malicious governance proposal led to the transfer of tokens in crypto worth $6.1million, with the hacker taking $1 million.

A malicious proposal, Proposal #85 asking for the transfer of 18 millions Audius’ in-house tokens AUDIO, was approved by the community. First reported by Spreekaway on Crypto Twitter, the attacker made the malicious proposition that allowed them to “call initialize()” and make themselves the sole guardian for the governance contract.

Roneil Rumburg, co-founder of Audius and CEO of Cointelegraph, clarified to Cointelegraph that there was no malicious proposal.

“This was an exploit, not a proposal or passed through any legal means. It just happened to use governance system as the entry point.”
Auduis further investigated and confirmed that AUDIO tokens had been unauthorizedly transferred from the company’s treasury. Auduis took proactive measures to stop any further loss by halting all AUDIO tokens and smart contracts of Audius. The company, however, resumed token transfers shortly after, adding that the “Remaining smart contract functionality is being unpaused after thorough examination/mitigation of the vulnerability.”

Peckshield, a blockchain investigator, narrowed the blame to Audius’ inconsistent storage layout.

The hacker’s governance plan drained 18 million tokens, worth almost $6 million, from the treasury. It was quickly dumped and sold at $1.08million. Although the dumping caused maximum slippage investors suggested an immediate buyback to stop existing investors from dumping the token and further lowering its floor price.

The stolen funds are still not fully understood by investors. One investor said, “They hacked our community fund right?” Is the team’s fund separate?

Rumburg confirmed to Cointelegraph that the root causes of the exploit have been addressed and cannot be re-exploited. The community treasury and the foundation treasury are kept separate, so the funds remaining can be protected from any exploit.

Bored Ape Yacht Club nonfungible token creator Yuga Labs has issued its second warning regarding an “unprecedented coordinated attack” on its social media accounts.

In June, Gordon Goner (a pseudonymous cofounder of Yuga Labs ) issued the first warning about an incoming attack on its Twitter accounts. Twitter officials began monitoring the accounts immediately and strengthened their security.

Elena Argyros

Elena Argyros

Elena is cryptocurrency writer / journalist based in Europe. She has extensive knowledge in the crypto space and is a solidity programmer by trade. Elena has built an extensive resume working with some of the most ground breaking blockchain firms. Being in Europe, Elena has amassed a large network of professionals in the space and states "The technology behind blockchain is going to impact everyone on earth in a good way, once you get to understand it".
Elena Argyros

Elena Argyros

Elena is cryptocurrency writer / journalist based in Europe. She has extensive knowledge in the crypto space and is a solidity programmer by trade. Elena has built an extensive resume working with some of the most ground breaking blockchain firms. Being in Europe, Elena has amassed a large network of professionals in the space and states "The technology behind blockchain is going to impact everyone on earth in a good way, once you get to understand it".

© 2022 The Daily Encrypt. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Latest News
PRESS RELEASES