The team behind Audius, the decentralized music platform, has detailed the exploit that led to the loss of around $6 million.
Over the weekend, an overlooked vulnerability resulted in an exploit of Audius. An attacker managed to steal more than 18 million AUDIO tokens from the Web3 streaming music service. Let’s discover how this happened.
Audius Under Attack
The exploit occurred due to a bug in the Audius governance, staking, and delegation smart contracts. The attacker was able to abuse the contracts' initialization code, which allowed the "initialize" function to be invoked repeatedly. On July 25th, the team published a post-mortem explaining how the attack took place.
Post-mortem from this weekend's attack is now live: https://t.co/aPUv2fPUm7
Highlights:
– Audited contracts were compromised due to an exploit in the contract initialization code that allowed repeated invocations of the "initialize" function.
— Audius 🎧 (@AudiusProject) July 25, 2022
The attacker eventually made off with $6 million worth of tokens from the Audius governance contract. These were sent to another wallet they own. Furthermore, the attacker then modified the voting dynamics to change their staked AUDIO tokens.
Audius uses Ethereum ERC-20 tokens to enable community governance. The attacker attempted to exploit this to delegate 10 trillion AUDIO tokens to their wallet to pass governance votes. The second attempt to do this was successful, which enabled the hacker to take the 18.5 million tokens from the community treasury.
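The class of bug described above, an "initialize" function that can be called more than once, is shown here as an added example that is not Audius code and is not taken from the post-mortem. The contract names, fields and parameter checks are hypothetical; the first contract shows the unguarded pattern and the second a one-time guard.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative contracts only: names, fields and checks are hypothetical
// and are not taken from the Audius code base.

// BEFORE: initialize() has no one-time guard, so it can be run again after
// deployment and will overwrite the governance parameters.
contract GovernanceUnguarded {
    address public guardian;
    uint256 public votingPeriod; // in blocks
    uint256 public votingQuorum; // percent of total stake

    function initialize(address _guardian, uint256 _period, uint256 _quorum) external {
        guardian = _guardian;
        votingPeriod = _period;
        votingQuorum = _quorum;
    }
}

// AFTER: initialization succeeds exactly once; every later call reverts.
contract GovernanceGuarded {
    address public guardian;
    uint256 public votingPeriod;
    uint256 public votingQuorum;
    bool private initialized;

    error AlreadyInitialized();
    error InvalidParameters();

    // Single on-chain record of when and how the contract was set up.
    event Initialized(address indexed guardian, uint256 period, uint256 quorum);

    function initialize(address _guardian, uint256 _period, uint256 _quorum) external {
        if (initialized) revert AlreadyInitialized();
        if (_guardian == address(0) || _period == 0 || _quorum == 0 || _quorum > 100) {
            revert InvalidParameters();
        }
        initialized = true; // set the flag before any other state change
        guardian = _guardian;
        votingPeriod = _period;
        votingQuorum = _quorum;
        emit Initialized(_guardian, _period, _quorum);
    }
}
```

A guard like this only holds if the storage slot behind `initialized` cannot be overwritten by other contract state, which needs checking in upgradeable proxy deployments.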
More About Audius’ Hack
The attacker traded the tokens for a lower value of Ethereum which they washed through Tornado Cash. On July 24th, the team halted the smart contracts and applied patches with the assistance of community developers.
The issue has been found and fixes are in progress to get things back to a stable state.
To prevent further damage, all Audius smart contracts on Ethereum had to be halted, including the token.
We do not believe any further funds are at risk.
More updates / post-mortem soon. https://t.co/i3MM9WjjgE
— Audius 🎧 (@AudiusProject) July 24, 2022
Also, changes were isolated to the internal state of the staking system. No new tokens were minted, and the incident did not affect the circulating token supply, which is 725 million.
The team said: “The vast majority of Audius foundation, team, community, and other funds associated with the ecosystem are safe and were unaffected by this incident.” Work is in progress to remedy the loss of funds.
Furthermore, OpenZeppelin audited Audius’ smart contracts in August 2020. However, this vulnerability survived. The team at the Web3 music streaming platform admitted that audits were not “bulletproof.”
AUDIO Token Price Outlook
AUDIO token prices have dumped around 18% since the time of the hack on July 23rd. They were trading at around $0.38 before the attack and had fallen to $0.31 at the time of writing.
Finally, the AUDIO token has declined around 20% over the past week. Additionally, the token is down almost 94% from its March 2021 all-time high of $4.95. Audius has a market capitalization of $230 million.