Audius compromised in the latest cyber attack and lost 18 million AUDIO tokens worth $6 million
Audius the decentralized music streaming platform has been attacked by threat actors that stole over 18 million AUDIO tokens worth $6 million. The decentralized music platform is hosted on the Ethereum blockchain from which artists can earn AUDIO tokens by sharing their music and users can earn AUDIO tokens by curating and listening to the music.
Audius notified its users on Twitter quickly after it was hacked and froze services until the platform’s developers could prevent further theft of the tokens.
Hello everyone – our team is aware of reports of an unauthorized transfer of AUDIO tokens from the community treasury. We are actively investigating and will report back as soon as we know more.
If you'd like to help our response team, please reach out.
— Audius 🎧 (@AudiusProject) July 24, 2022
Audius stated that the hacker exploited a bug in the contract initialization code by allowing itself to perform several repeated invocations of the initialized functions. The threat actor conducted a transfer of 18.5 million AUDIO tokens from the community treasury to their wallet. Then the threat actor performed a governance proposal to change the governance dynamics of the platform to transfer the tokens.
However, Audius reported later that no more tokens were mined instead of the amount threat actor could access and this hacking incident will not impact the circulation of the tokens. The company also added that all funds are now safe and the AUDIO tokens are functional although it will take some time for the service to begin.
The company added, “Audits are not bulletproof, and time spent in the market (and the resulting Lindy effect) can help build confidence but does not rule out opportunities for exploitation. These contracts were deployed in October 2020, and this vulnerability has been live in the wild since that time.” Although the decentralized streaming service went through two in-depth security assessments in August 2020 and October 2021 and couldn’t find any potential vulnerability.
The company assured its users that they will improve in the future in response to the recent cyberattack.