Decentralised music streaming protocol Audius has become the latest DeFi platform to lose money to hackers.
Decentralised music streaming protocol Audius reported on Sunday, 24th July, that a hacker stole funds from its community treasury.
According to Audius, the hacker leveraged a malicious governance vote to steal funds from the protocol. The Audius team said:
“Hello, everyone – our team is aware of reports of an unauthorized transfer of AUDIO tokens from the community treasury. We are actively investigating and will report back as soon as we know more. If you’d like to help our response team, please reach out.”
The security firm CertiK stated that the hacker successfully modified certain configurations in the smart contract used by the music streaming protocol’s streaming system.
By making these changes, the hacker was able to take control of the smart contract.
(1/2) The attacker called the "initialize" function in the Audius governance contract to modify configurations (through re-initialization) such as "voting period", "execution delay", "guardian address".
Then the attacker submitted the malicious proposal (ID 85).
— CertiK Alert (@CertiKAlert) July 24, 2022
The attacker then went on to create and approve a governance proposal (Proposal #85). The proposal sought to transfer 18 million AUDIO tokens from the community treasury.
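A defender's view of the sequence CertiK describes, as an added example that is not from Audius or CertiK: a Python check over decoded contract calls that flags any `initialize` call after the first, the governance settings it changed, and later proposals from the same caller. The record layout, the argument names, `submitProposal` and all sample values are constructed assumptions.

```python
# Added example: constructed data; field and function names are hypothetical.
from dataclasses import dataclass, field

# Governance parameters named in the CertiK alert (argument names are assumed).
WATCHED = ("votingPeriod", "executionDelay", "guardianAddress")

@dataclass
class Finding:
    tx: str
    contract: str
    caller: str
    changed: dict                                   # parameter -> (old, new)
    followups: list = field(default_factory=list)   # later proposal txs by same caller

def find_reinitializations(calls, proposal_fn="submitProposal"):
    """Flag every initialize() after the first on a contract, plus what it changed."""
    baseline, findings = {}, []
    for call in sorted(calls, key=lambda c: c["block"]):
        contract, caller, args = call["to"], call["from"], call["args"]
        if call["function"] == proposal_fn:
            for f in findings:  # correlate proposals with an earlier re-initialization
                if f.contract == contract and f.caller == caller:
                    f.followups.append(call["tx"])
            continue
        if call["function"] != "initialize":
            continue
        if contract not in baseline:                # first call is the legitimate setup
            baseline[contract] = {k: args.get(k) for k in WATCHED}
            continue
        old = baseline[contract]
        changed = {k: (old[k], args[k]) for k in WATCHED
                   if k in args and args[k] != old[k]}
        findings.append(Finding(call["tx"], contract, caller, changed))
        old.update({k: new for k, (_, new) in changed.items()})
    return findings

# Constructed sample of decoded calls (not real chain data).
SAMPLE_CALLS = [
    {"block": 100, "tx": "0xaaa1", "from": "deployer", "to": "governance",
     "function": "initialize",
     "args": {"votingPeriod": 17280, "executionDelay": 5760, "guardianAddress": "multisig"}},
    {"block": 900, "tx": "0xbbb2", "from": "unknown-eoa", "to": "governance",
     "function": "initialize",
     "args": {"votingPeriod": 3, "executionDelay": 0, "guardianAddress": "unknown-eoa"}},
    {"block": 901, "tx": "0xccc3", "from": "unknown-eoa", "to": "governance",
     "function": "submitProposal", "args": {}},
]

if __name__ == "__main__":
    for f in find_reinitializations(SAMPLE_CALLS):
        print(f"ALERT: {f.contract} re-initialized by {f.caller} in {f.tx}: {f.changed}; proposals: {f.followups}")
```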
On-chain data showed that the attack took place at 7 p.m. ET on Saturday. Although the 18 million AUDIO tokens were worth around $6 million, the attacker could only sell them for 705 ether ($1.1 million) because of high market slippage.
The stolen funds are currently sitting in the hacker’s address. The Audius team added that it had identified and fixed issues in its smart contract. It told its community that a post-mortem report would be provided soon.
Pending the report, the Audius team said it had put the smart contract on pause. Audius is one of the leading decentralised music streaming protocols. The protocol allows artists to monetise their work using the governance and utility token called AUDIO. The AUDIO token is currently available on the Ethereum and Solana networks.