Tuesday 16 August 2022

Hacker drains $1.08M from Audius following passing of malicious proposal

Proposals in crypto help communities make consensus-based decisions. However, for decentralized music platform Audius, the passing of a malicious governance proposal resulted in the transfer of tokens worth $6.1 million, with the hacker making away with $1 million.

On Sunday, a malicious proposal, Proposal #85, requesting the transfer of 18 million of Audius’ in-house AUDIO tokens, was approved by community voting. As first pointed out on Crypto Twitter by spreekaway, the attacker created the malicious proposal wherein they were “able to call initialize() and set himself as the sole guardian of the governance contract.”

Speaking to Cointelegraph, Audius co-founder and CEO Roneil Rumburg clarified that the community did not pass a malicious proposal:

“This was an exploit — not a proposal proposed or passed through any legitimate means — it just happened to use the governance system as the entry point for the attack.”

Further investigation from Audius confirmed the unauthorized transfer of AUDIO tokens from the company’s treasury. Following the revelation, Audius proactively halted all Audius smart contracts and AUDIO tokens on the Ethereum blockchain to avoid further losses. The company, however, resumed token transfers shortly after, adding that the “Remaining smart contract functionality is being unpaused after thorough examination/mitigation of the vulnerability.”

Blockchain investigator Peckshield narrowed down the fault to Audius’ storage layout inconsistencies.
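
A check for the class of fault Peckshield names, as an added example that is not from the article or from Audius: it compares the storage layouts of two contracts that share storage and reports variables occupying the same bytes under different names or types. The layouts are constructed samples in the shape of the Solidity compiler's `storageLayout` output, and all contract and variable names are hypothetical.

```python
# Added example: detect storage-layout collisions between two contracts that
# share one storage space. All layouts are constructed samples (assumption:
# they follow the shape of solc's "storageLayout" JSON), not Audius' code.

TYPES = {
    "t_address": {"numberOfBytes": "20"},
    "t_bool": {"numberOfBytes": "1"},
    "t_uint256": {"numberOfBytes": "32"},
}

def var(label, slot, offset, typ):
    return {"label": label, "slot": str(slot), "offset": offset, "type": typ}

# Hypothetical contract that owns the storage.
HOLDER = {"types": TYPES, "storage": [var("owner", 0, 0, "t_address")]}

# Hypothetical logic contract whose init flags start at slot 0 as well.
LOGIC = {"types": TYPES, "storage": [
    var("initialized", 0, 0, "t_bool"),
    var("initializing", 0, 1, "t_bool"),
    var("votingPeriod", 1, 0, "t_uint256"),
]}

# Corrected logic layout: it declares the shared variable first, flags after.
LOGIC_FIXED = {"types": TYPES, "storage": [
    var("owner", 0, 0, "t_address"),
    var("initialized", 0, 20, "t_bool"),
    var("initializing", 0, 21, "t_bool"),
    var("votingPeriod", 1, 0, "t_uint256"),
]}

def byte_ranges(layout):
    """Yield (label, type, start, end) as absolute byte ranges in storage."""
    for v in layout["storage"]:
        size = int(layout["types"][v["type"]]["numberOfBytes"])
        start = int(v["slot"]) * 32 + int(v["offset"])
        yield v["label"], v["type"], start, start + size

def find_collisions(layout_a, layout_b):
    """Return (var_a, var_b, slot) for overlapping, non-identical variables."""
    hits = []
    for la, ta, a0, a1 in byte_ranges(layout_a):
        for lb, tb, b0, b1 in byte_ranges(layout_b):
            overlap = a0 < b1 and b0 < a1
            if overlap and (la, ta, a0) != (lb, tb, b0):
                hits.append((la, lb, max(a0, b0) // 32))
    return hits
```

A non-empty result means a write to one variable changes the other, which is how a one-time initialization flag can read as unset after an unrelated value is stored.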

While the hacker’s governance proposal drained 18 million tokens worth nearly $6 million from the treasury, the tokens were soon dumped and sold for $1.08 million. While the dumping resulted in maximum slippage, investors recommended an immediate buyback to prevent existing investors from dumping and further lowering the token’s floor price.

Investors are yet to get clarity on the stolen funds, as one investor asked, “They hacked the community fund right? The team’s fund is separate correct?”

Rumburg confirmed to Cointelegraph that the root cause of the exploit has been mitigated and cannot be re-exploited. Given that the community treasury is kept separate from the foundation treasury, the remaining funds remain safe from any exploit.

Related: Yuga Labs warns of ‘persistent threat group’ targeting NFT holders

Bored Ape Yacht Club (BAYC) nonfungible token (NFT) creator Yuga Labs issued its second warning about an expected “coordinated attack” on its social media accounts.

In June, Gordon Goner, pseudonymous co-founder of Yuga Labs, issued the first warning of a possible incoming attack on its Twitter social media accounts. Soon after the warning, Twitter officials actively monitored the accounts and fortified their existing security.

About Sean Patterson
