Hacker Exploits ‘Audius’ for $1 Million in Malicious Governance Proposal
Decentralised music streaming platform Audius has announced that it lost around US$1 million to an unknown hacker early on July 24.
The hacker was able to gain the funds after the platform mistakenly passed a malicious governance proposal that saw more than US$6 million worth of the platform’s AUDIO tokens transferred.
The hacker was able to transfer 18 million AUDIO tokens from the community treasury, an action that was approved by the Audius community, then assigned himself as the sole guardian of the contract by calling the smart contract function “initialize()”.
Once the platform detected the attack, it initially paused smart contracts and AUDIO tokens to prevent further loss of funds, but resumed smart contract functionality soon after. Funds in both the community and the foundation treasury are now said to be safe.
Slippage in AUDIO Price
The attacker sold the tokens on decentralised exchange Uniswap for US$1.08 million, triggering a slippage in the AUDIO price. Slippage refers to the difference between the expected price of a token and the price when the order executes, and is expressed as a percentage of a dollar amount.
According to a tweet from security analysis firm PeckShield, the fault is said to have been caused by inconsistencies discovered in the storage layout of Audius.
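A storage-layout inconsistency of the kind described above can be caught before deployment by comparing the layouts of a proxy and its implementation. The following is an added example, not code from Audius or PeckShield; the variable names, slots and sizes are constructed for illustration and do not reproduce Audius's contracts.

```python
from dataclasses import dataclass

SLOT_BYTES = 32  # an EVM storage slot is 32 bytes wide

@dataclass(frozen=True)
class Var:
    label: str   # variable name (all names below are constructed)
    slot: int    # storage slot index
    offset: int  # byte offset inside the slot
    size: int    # width in bytes

    def span(self):
        # Absolute half-open byte range the variable occupies in storage.
        start = self.slot * SLOT_BYTES + self.offset
        return start, start + self.size

def find_collisions(proxy_layout, impl_layout):
    """List (proxy_var, impl_var, slot) for each pair sharing storage bytes."""
    hits = []
    for p in proxy_layout:
        p_start, p_end = p.span()
        for i in impl_layout:
            i_start, i_end = i.span()
            if p_start < i_end and i_start < p_end:  # ranges overlap
                first_slot = max(p_start, i_start) // SLOT_BYTES
                hits.append((p.label, i.label, first_slot))
    return hits

# Constructed layouts, not Audius's contracts. A delegatecall proxy and its
# implementation share one storage space, so a write through one name
# changes the value read through any overlapping name.
PROXY_BAD = [Var("proxyAdmin", 0, 0, 20)]   # address placed in slot 0
IMPL = [
    Var("initialized", 0, 0, 1),            # guard flag for initialize()
    Var("initializing", 0, 1, 1),
    Var("guardian", 0, 2, 20),
]
# Corrected proxy: admin kept in a high, hash-style slot (constructed value)
# that sequentially assigned implementation variables never reach.
PROXY_FIXED = [Var("proxyAdmin", 2**255 + 7, 0, 20)]

if __name__ == "__main__":
    for p, i, slot in find_collisions(PROXY_BAD, IMPL):
        print(f"slot {slot}: proxy '{p}' overlaps implementation '{i}'")
    print("fixed layout collisions:", find_collisions(PROXY_FIXED, IMPL))
```

Run as a CI step over the compiler's reported storage layout, a non-empty result should block the upgrade.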
Audius Designed to Cut Out the Middleman
Audius was established to connect music fans with artists without the need for an intermediary like a record label. Initially designed to be a blockchain version of SoundCloud, it is a place where artists can produce immutable songs that fans can listen to free of charge.
The platform gives artists the freedom to choose how they monetise their work and ensures that artists receive 90 percent of the revenues collected. The remaining 10 percent is issued to node operators. Audius has become so popular that well-known music artists such as Katy Perry, Steve Aoki and the Chainsmokers have invested in the crypto-powered streaming platform.
Audius now has over six million monthly active users and is a community-owned and operated protocol. The platform recently introduced AUDIO Tipping, enabling fans to tip their favourite artists using the native AUDIO token.