Hacker drains $1.08M from Audius following passing of malicious proposal

Proposals in crypto help communities make consensus-based decisions. However, for decentralized music platform Audius, the passing of a malicious governance proposal led to the transfer of tokens worth $6.1 million, with the hacker making away with $1 million.

On July 24, a malicious proposal (Proposal #85) requesting the transfer of 18 million of Audius' in-house AUDIO tokens was approved by community voting. First reported on Crypto Twitter by @spreekaway, the attacker created the malicious proposal in which they were “able to initialize() and set themself as the sole protector of the governance contract.”

Speaking to Cointelegraph, Audius co-founder and CEO Roneil Rumburg clarified that the community did not pass a malicious proposal:

This was an exploit – not really a proposal suggested or passed through any legitimate means – it simply happened to make use of the governance system as the access point for that attack.

Further analysis from Audius confirmed the unauthorized transfer of AUDIO tokens from the company's treasury. Following the discovery, Audius proactively halted all Audius smart contracts and AUDIO tokens on the Ethereum blockchain to prevent further losses. The organization, however, resumed token transfers soon after, adding that “Remaining smart contract functionality has been unpaused after thorough examination/minimization of the vulnerability.”

Blockchain investigator PeckShield narrowed down the fault to inconsistencies in Audius' storage layout.

While the hacker's governance proposal drained 18 million tokens worth nearly $6 million from the treasury, the tokens were soon dumped and sold for $1.08 million. As the dumping led to maximum slippage, investors suggested an immediate buyback to prevent existing investors from dumping and further lowering the token's floor price.

Investors are yet to get clarity on the stolen funds, as one investor asked, “They hacked the community fund right? The team's fund is separate correct?”

Rumburg confirmed to Cointelegraph that the root cause of the exploit has been mitigated and cannot be re-exploited. Given that the community treasury is kept separate from the foundation treasury, the rest of the funds remain safe from any exploit.

Related: Yuga Labs warns of ‘persistent threat group’ targeting NFT holders

Bored Ape Yacht Club (BAYC) creator Yuga Labs issued its second warning about an expected “coordinated attack” on its social media accounts.

In June, Gordon Goner, pseudonymous co-founder of Yuga Labs, issued the first warning of a possible incoming attack on its Twitter social media accounts. Soon after the warning, Twitter officials actively monitored the accounts and bolstered their existing security.
