Blockchain music platform Audius hacked with malicious proposal attack, 705 ETH transferred to mixer protocol
The popular blockchain music platform Audius announced at 8 am on the 24th that unauthorized transfers of AUDIO tokens from the community treasury had been detected and that an official investigation is underway. Approximately two hours later, the issue was reported as resolved, and the platform is in the process of restoring stability. To prevent further harm, all related Ethereum smart contracts, including token contracts, will be temporarily paused. At the time of writing, the AUDIO token has resumed operations, and the remaining smart contract functionalities will be reactivated after thorough inspection. A post-incident report will be released tomorrow.
Security Company Analyzes the Incident: Governance Proposal Attack
The security company CertiK stated that Audius suffered a loss of six million US dollars' worth of AUDIO tokens, which were converted to 705 ETH. The attacker changed the parameters of Audius' governance contract and executed a malicious proposal, resulting in 18.5 million AUDIO tokens being transferred out.
The attacker called the initialize function in the governance contract to change parameters such as the voting period, execution delay, and guardian address, then submitted malicious proposal ID 85. The attacker voted for the malicious proposal and executed its content, obtaining the AUDIO tokens and profiting from them. As of press time, the attacker has transferred all the ETH to the privacy protocol Tornado Cash.
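A monitoring check for the sequence described above, as an added example that is not part of the original article or of Audius's code: it scans decoded calls to a governance contract for a second initialize call and for a proposal that one address submits, votes on and executes faster than a baseline lifecycle kept outside the contract. The call records, the addresses, the function labels other than initialize, and the 1000-block baseline are constructed assumptions.

```python
from dataclasses import dataclass

GOVERNANCE = "governance"  # placeholder label for the monitored contract

@dataclass(frozen=True)
class Call:
    block: int
    sender: str
    contract: str
    function: str  # decoded name; labels other than "initialize" are assumed

def detect(calls, min_lifecycle_blocks):
    """Flag re-initialization and single-sender proposals that complete faster
    than the expected voting period plus execution delay. The baseline is passed
    in by the monitor, because on-chain parameters may already be altered."""
    alerts, initialized, submitted, voted = [], False, {}, set()
    for c in sorted(calls, key=lambda c: c.block):
        if c.contract != GOVERNANCE:
            continue
        if c.function == "initialize":
            if initialized:  # an initializer should only ever run once
                alerts.append(("reinitialize", c.block, c.sender))
            initialized = True
        elif c.function == "submit":
            submitted[c.sender] = c.block
        elif c.function == "vote" and c.sender in submitted:
            voted.add(c.sender)
        elif c.function == "execute" and c.sender in voted:
            if c.block - submitted[c.sender] < min_lifecycle_blocks:
                alerts.append(("fast_self_approved_proposal", c.block, c.sender))
    return alerts

# Constructed records modelling the reported sequence.
SUSPICIOUS = [
    Call(100, "deployer", GOVERNANCE, "initialize"),
    Call(5000, "0xAAA", GOVERNANCE, "initialize"),
    Call(5001, "0xAAA", GOVERNANCE, "submit"),
    Call(5004, "0xAAA", GOVERNANCE, "vote"),
    Call(5008, "0xAAA", GOVERNANCE, "execute"),
]
# Constructed records modelling an ordinary proposal lifecycle.
BENIGN = [
    Call(100, "deployer", GOVERNANCE, "initialize"),
    Call(200, "0xBBB", GOVERNANCE, "submit"),
    Call(300, "0xCCC", GOVERNANCE, "vote"),
    Call(20000, "0xBBB", GOVERNANCE, "execute"),
]

if __name__ == "__main__":
    print(detect(SUSPICIOUS, 1000))
```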
The AUDIO token dropped from 0.36 to 0.31 at 7:00 on the 24th and is currently back to 0.34.
Additional information: Audius Governance Explanation; the Audius Governance Forum is currently closed.