Hacker pockets $1.1 million after stealing from music streaming protocol Audius

Quick Take

  • Audius was hacked using a malicious governance vote.
  • The hacker transferred 18 million AUDIO tokens and sold them for $1.1 million.

Decentralized music streaming protocol Audius reported that a hacker stole funds from its community treasury using a malicious governance vote. 

According to security firm CertiK, the hacker successfully modified certain configurations in the smart contract used by Audius's governance system. With these changes, the perpetrator was able to become the “guardian” of the contract.

The hacker then proceeded to create and approve a governance proposal (Proposal #85) requesting a transfer of 18 million AUDIO tokens from the community treasury. According to on-chain data, the exploit took place at 7 p.m. ET on Saturday.

While these stolen tokens had a market value of more $6 million, the hacker could only sell them for 705 ether ($1.1 million) amid high amounts of market slippage. The exploited funds still sit in the hacker's address.

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

In an update, Audius said that it had identified and fixed issues in its smart contract, adding that a post-mortem report will be provided soon. Meanwhile, the smart contract has been put on a pause.

Audius is a decentralized music streaming protocol that allows artists to monetize their work using the governance and utility token called AUDIO. The token could be used on Ethereum and Solana networks. 


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.