Decentralized music streaming protocol Audius reported that a hacker stole funds from its community treasury using a malicious governance vote.
According to security firm CertiK, the hacker successfully modified certain configurations in the smart contract used by Audius's governance system. With these changes, the perpetrator was able to become the “guardian” of the contract.
The hacker then proceeded to create and approve a governance proposal (Proposal #85) requesting a transfer of 18 million AUDIO tokens from the community treasury. According to on-chain data, the exploit took place at 7 p.m. ET on Saturday.
While these stolen tokens had a market value of more than $6 million, the hacker could only sell them for 705 ether ($1.1 million) amid heavy market slippage. The exploited funds still sit in the hacker's address.
In an update, Audius said that it had identified and fixed issues in its smart contract, adding that a post-mortem report will be provided soon. Meanwhile, the smart contract has been paused.
Audius is a decentralized music streaming protocol that allows artists to monetize their work using the governance and utility token called AUDIO. The token can be used on the Ethereum and Solana networks.
© 2023 The Block. All Rights Reserved.