
Hacker exploits bug at decentralized music platform Audius; Steals $6 million worth of tokens

Alina BÎZGĂ

July 28, 2022


An unidentified threat actor managed to steal $6 million worth of Audio tokens from the popular decentralized music platform Audius over the weekend.

The platform is run by an open source community of over 5 million unique users, including artists’ fans and developers who can connect directly via the streaming service’s social media features.

According to the blockchain-powered streaming service, the hacker exploited a flaw in the contract initialization code, transferring 18MM $AUDIO tokens from the community treasury into his wallet.

“On July 23, 2022, the Audius governance, staking, and delegation contracts on Ethereum mainnet were compromised due to a bug in the contract initialization code that allowed repeated invocations of the initialize functions,” Audius said in a post-mortem report.

“The bug allowed an attacker to maliciously transfer 18MM $AUDIO tokens held by the Audius governance contract (referred to as the “community treasury”) to a wallet of their control and modify dynamics of the voting system to illicitly change their staked $AUDIO amounts in the network.”
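The post-mortem attributes the compromise to initialize functions that could be invoked more than once. As an added illustration (not code from Audius or from the original article; contract, function and variable names are hypothetical), the Solidity example below places an unguarded initializer beside a single-use one:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed example: all names here are hypothetical and are not
// taken from the Audius code base.

// Unguarded form: nothing records that initialize() has already run,
// so any later caller can run it again and replace the owner.
contract TreasuryUnguarded {
    address public owner;

    function initialize(address _owner) external {
        owner = _owner;
    }
}

// Hardened form: a stored flag makes initialize() single-use.
contract TreasuryGuarded {
    address public owner;
    bool private initialized;

    modifier initializer() {
        require(!initialized, "already initialized");
        initialized = true; // set before the function body runs
        _;
    }

    function initialize(address _owner) external initializer {
        require(_owner != address(0), "zero owner");
        owner = _owner;
    }

    // After setup, privileged changes go through an authenticated path
    // instead of the initializer.
    function setOwner(address next) external {
        require(msg.sender == owner, "not owner");
        require(next != address(0), "zero owner");
        owner = next;
    }
}
```

When a contract like this sits behind an upgradeable proxy, the flag lives in the proxy's storage, so its slot must not collide with the proxy's own variables. A regression test that calls initialize twice and expects the second call to revert catches a guard that has stopped working.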

After unlawfully transferring the funds, the attacker traded the stolen tokens for a little over $1 million and used the Tornado Cash service protocol to obscure the origin of the funds.

Fortunately, Audius developers quickly deployed a fix, preventing further financial damage.

“The vulnerability was mitigated within a few hours of discovery, and work is continuing to examine the storage modifications made by the attacker and to ensure safe resumption of the remaining Audius smart contract systems (Staking and DelegateManager),” Audius added.

“The vast majority of Audius foundation, team, community (e.g. via staking) and other funds associated with the ecosystem are safe and were unaffected by this incident. Work is in progress in collaboration with the community on possible remediations for the loss of funds, and we are fortunate that many options are still available. These will be discussed over coming weeks in the Audius governance forum, discord, and other venues before being proposed to the Audius governance process.”
