Security

Audius Protocol Loses Over $6 Million After Malicious Voting

July 24, 2022

Audius protocol loses over $6 million after malicious vote

Decentralized music streaming protocol Audius Protocol was mined for nearly $6,1 million.

Audius Protocol developers reported on Twitter about the attack on the protocol, confirming an unauthorized transaction of funds from the community treasury.

The Audius team has halted all smart contracts of the protocol on the Ethereum network after confirming the exploit, and has informed users that while a thorough analysis of the exploit is being conducted and all necessary security measures are being implemented, token balances and transfers will be temporarily suspended.

However, at the time of going to press, the protocol developers reported that the vulnerability had been mitigated and that transfers with the AUDIO token had already been enabled again.

The $AUDIO token is fully functional once again.

Remaining smart contract functionality is being unpaused after thorough examination / mitigation of the vulnerability.

Thank you all for your patience and understanding. Full post-mortem likely to come tomorrow.
— Audius 🎧 (@AudiusProject) July 24, 2022

The Audius Protocol development team is expected to publish a detailed post-mortem report on this attack in the coming hours.

It may interest you: Ethereum development to increase to 55% after The Merge

How did the Audius music streaming protocol exploit occur?

According to security services firm Go+ Security, a vulnerability in Audius Protocol's governance system allowed a hacker to introduce malicious governance proposal #85, which authorized him as the sole guardian of the Audius contract and, therefore, with access to its community treasury.

In her reportThe security firm said the hacker was able to alter the voting parameters to integrate the malicious governance proposal into the protocol. The vulnerability then allowed him to alter the weight of the votes and maliciously execute the vote so that the proposal would be approved.

Blockchain research firm PeckShield, meanwhile, reported that the exploit allowed the hacker to drain 18 million AUDIO tokens from the protocol, worth nearly $6,1 million at the time of the attack.

The @AudiusProject governance is hacked with the passing of the malicious proposal #85 to transfer out 18M AudiusToken, which is then dumped to profit $1.08M. The stolen funds are still parked at the following address: https://t.co/AxplsoDkDT https://t.co/dYX6qlCro0 pic.twitter.com/1v40aT232F
- PeckShield Inc. (@peckshield) July 24, 2022

The hacker managed to sell AUDIO tokens worth $1,08 million, which are being moving on the Tornado Cash cryptocurrency mixing platform.

What is Audius Protocol?

Audius Protocol is a decentralized, community-owned music streaming protocol that uses blockchain technology blockchain to empower artists and creators over their music and content through immutable blockchain records and NFTs.

This protocol, based on the Solana network, is compatible with the Ethereum network, where it was mined.

Continue reading: Bit2Me acquires Peruvian exchange Fluyez

Services

How did the Audius music streaming protocol exploit occur?

What is Audius Protocol?

Related articlesMore from author

An Ethereum vulnerability affects older wallets: inactive funds disappear after years of inactivity.

KelpDAO: The historic rescue of Arbitrum after the exploit raised alarms in Web3

Warning: AI tool detected that impersonates faces and voices in real time to bypass KYC at banks and exchanges

Related articles More from author