This past weekend, a hacker made off with AUDIO tokens valued at a total of $6 million. As a result, the platform was forced to pause a number of its services until its developers could implement adjustments to prevent additional token thefts.
The Ethereum blockchain is the underlying technology behind the decentralized streaming network known as Audius. Audius is reportedly a platform that, according to BleepingComputer, allows artists to submit their music and get AUDIO tokens in return for doing so. Alternately, users have the opportunity to earn AUDIO by contributing to the network’s content curation and by listening to that material.
The organization then took to Twitter to inform its artists and listeners about the current situation and the reason for the immediate shutdown of operations and to clarify that their system had been hacked. Additionally, the organization used Twitter to educate its artists and listeners about the reason for the immediate shutdown of operations.
In a tweet published on July 24, Audius said that the team was made aware of allegations about an illicit transfer of AUDIO tokens from the community treasury. In addition, they said that they had begun an investigation into the matter and that they will provide an update as soon as further information was made available to them.
In addition, Audius said, “Please get in touch with us if you are interested in contributing to our response team.”
According to Audius, “the Ethereum mainnet Audius governance, staking, and delegation contracts were compromised due to a fault in the contract initialization code that permitted repeated invocations of the initialization methods.” This was caused by a flaw in the contract initialization code that allowed repeated invocations of the initialization methods.
Hello everyone – our team is aware of reports of an unauthorized transfer of AUDIO tokens from the community treasury. We are actively investigating and will report back as soon as we know more.
If you’d like to help our response team, please reach out.
— Audius 🎧 (@AudiusProject) July 24, 2022
Due to the vulnerability, an attacker was able to illegally move 18 million $AUDIO tokens that were controlled by the Audius governance contract (also known as the “community treasury”) to a wallet that was under their control. Additionally, the attacker was able to manipulate voting system dynamics in order to change the amount of $AUDIO that was staked in the network.
According to Audius, the company routinely upgrades their system security and conducts security audits. On August 25, 2020, the organization underwent a security audit conducted by the team from OpenZeppelin.