Hacker pockets $1.1 million after stealing from music streaming protocol Audius

Quick Take

  • Audius was hacked using a malicious governance vote.
  • The hacker transferred 18 million AUDIO tokens and sold them for $1.1 million.

Decentralized music streaming protocol Audius reported that a hacker stole funds from its community treasury using a malicious governance vote. 

According to security firm CertiK, the hacker successfully modified certain configurations in the smart contract used by Audius's governance system. With these changes, the perpetrator was able to become the “guardian” of the contract.

The hacker then proceeded to create and approve a governance proposal (Proposal #85) requesting a transfer of 18 million AUDIO tokens from the community treasury. According to on-chain data, the exploit took place at 7 p.m. ET on Saturday.

While these stolen tokens had a market value of more $6 million, the hacker could only sell them for 705 ether ($1.1 million) amid high amounts of market slippage. The exploited funds still sit in the hacker's address.

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

In an update, Audius said that it had identified and fixed issues in its smart contract, adding that a post-mortem report will be provided soon. Meanwhile, the smart contract has been put on a pause.

Audius is a decentralized music streaming protocol that allows artists to monetize their work using the governance and utility token called AUDIO. The token could be used on Ethereum and Solana networks. 


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Vishal Chawla is The Block’s crypto ecosystems editor and has spent over six years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal likes to delve deep into blockchain intricacies to ensure readers are well-informed about the continuously evolving crypto landscape. He is also a staunch advocate for rigorous security practices in the space. Before joining The Block, Vishal held positions at IDG ComputerWorld, CIO, and Crypto Briefing. He can be reached on Twitter at @vishal4c and via email at [email protected]