Audius, a decentralised music platform, lost 18 million community tokens in a hack over the weekend. A malicious governance proposal, created by the hacker, requested the transfer of 18 million of Audius’ Audio tokens from the community treasury. While the total value of the transferred tokens exceeded $6 million (roughly Rs. 47 crore), the hacker realised only a smaller portion of that, dumping the stolen tokens for $1.8 million.
Decentralised communities pride themselves on making consensus-based governance decisions, which are voted upon by the members of that community. In the Audius hack, the hacker was able to initialise this proposal and set himself as the sole guardian of the governance contract, a report by CoinTelegraph explained on Monday, July 25.
Roneil Rumburg, the Co-Founder and CEO of Audius, has clarified that the community had not passed this proposal.
“This was an exploit — not a proposal proposed or passed through any legitimate means — it just happened to use the governance system as the entry point for the attack,” CoinTelegraph quoted Rumburg as saying.
As a precautionary measure, Audius temporarily halted all the smart contracts and Audio tokens. These tokens are built on the Ethereum blockchain.
The platform restored the functionality of the Audio token after conducting a thorough examination and mitigation of the vulnerability.
The $AUDIO token is fully functional once again.
Remaining smart contract functionality is being unpaused after thorough examination / mitigation of the vulnerability.
Thank you all for your patience and understanding. Full post-mortem likely to come tomorrow.
— Audius 🎧 (@AudiusProject) July 24, 2022
For now, Audio investors are yet to get clarity on the stolen funds.
Hackers have been swarming to the Web3 space to grab more assets and then exploit the privacy features of digital assets to launder their gains anonymously into clean funds.
Last week, NFT registration platform Premint lost 320 NFTs in a hack of its site. The company is in the process of reimbursing its users with over $525,000 (roughly Rs. 4.20 crore).
Following the Premint incident, Yuga Labs, the creator of Bored Ape Yacht Club (BAYC) NFTs, issued a warning.
“Our security team has been tracking a persistent threat group that targets the NFT community. We believe that they may soon be launching a coordinated attack targeting multiple communities via compromised social media accounts. Please be vigilant and stay safe,” the alert by Yuga Labs read.