Governance proposals that help communities reach decisions by consensus are generally considered beneficial. However, the recent approval of a malicious governance proposal on the decentralized music platform Audius led to the transfer of coins valued at $6.1 million, with the culprit walking away with $1 million.
On Sunday, the community voted to approve Proposal #85, a fraudulent request for the transfer of 18 million of Audius’ internal AUDIO tokens. The attacker created the fraudulent proposal, which allowed them to “call initialize() and set himself as the sole guardian of the governance contract.”
Hello everyone – our team is aware of reports of an unauthorized transfer of AUDIO tokens from the community treasury. We are actively investigating and will report back as soon as we know more.
If you'd like to help our response team, please reach out.
— Audius 🎧 (@audius) July 24, 2022
Roneil Rumburg, the CEO and co-founder of the company, clarified that the crypto community did not approve a malicious proposal:
“This was an exploit — not a proposal proposed or passed through any legitimate means — it just happened to use the governance system as the entry point for the attack.”
Further investigation by Audius confirmed the theft of AUDIO tokens from the company’s treasury. In response, Audius took preemptive action to prevent further losses by halting all Audius smart contracts and AUDIO tokens on the Ethereum network. Token transfers, however, were soon resumed by the company, which also stated that “remaining smart contract functionality is being unpaused after thorough examination/mitigation of the vulnerability.”
Blockchain investigation firm PeckShield dug further into the incident and found flaws and inconsistencies in the storage layout of Audius. It stated:
“The issue of Audius lies in inconsistent storage layout between its proxy and impl. In particular, the collision of the Audius Community Treasury contract results in equivalence of disabling the initializer modifier.”
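The storage collision PeckShield describes can be modeled in a few lines. The following is an added example, not Audius or PeckShield code: it assumes a proxy that keeps an admin address in slot 0 and an implementation that keeps two one-byte initializer flags there, with a guard of the form "initializing or not initialized"; all variable names and the admin address are constructed.

```python
# Added illustration: a simplified model of Solidity storage packing.
# Variable names and the admin address are constructed, not Audius's code.
SIZES = {"address": 20, "bool": 1, "uint256": 32}  # bytes per type

def layout(variables):
    """Assign (slot, offset, size) to each (name, type) in declaration order."""
    out, slot, off = {}, 0, 0
    for name, typ in variables:
        size = SIZES[typ]
        if off + size > 32:          # does not fit: start the next slot
            slot, off = slot + 1, 0
        out[name] = (slot, off, size)
        off += size
    return out

def collisions(proxy_vars, impl_vars):
    """Return (proxy var, impl var) pairs whose bytes overlap in one slot."""
    p, i = layout(proxy_vars), layout(impl_vars)
    return sorted(
        (pn, im)
        for pn, (ps, po, pz) in p.items()
        for im, (ms, mo, mz) in i.items()
        if ps == ms and po < mo + mz and mo < po + pz
    )

def read_bool(slot_value, offset):
    """Read a one-byte bool at a byte offset (offset 0 = lowest-order byte)."""
    return (slot_value >> (8 * offset)) & 0xFF != 0

def initializer_guard_passes(slot0):
    """Assumed guard: allow the call if initializing or not yet initialized."""
    initialized = read_bool(slot0, 0)
    initializing = read_bool(slot0, 1)
    return initializing or not initialized

PROXY = [("proxy_admin", "address")]
IMPL = [("initialized", "bool"), ("initializing", "bool"),
        ("voting_period", "uint256")]
ADMIN = 0x1111111111111111111111111111111111111234  # constructed address

if __name__ == "__main__":
    print(collisions(PROXY, IMPL))
    print(initializer_guard_passes(0x01))   # correctly initialized slot
    print(initializer_guard_passes(ADMIN))  # admin bytes read as the flags
```

Comparing the two layouts with a check like `collisions()` before deployment surfaces the overlap; whether the guard is actually bypassed depends on the low-order bytes of the address stored in the shared slot.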
While the hacker’s governance proposal drained the treasury of 18 million tokens worth around $6 million, the tokens were quickly dumped and sold for $1.08 million. Although the dumping caused maximum slippage, investors advised a fast buyback to stop existing investors from dumping and further decreasing the token’s floor price.
Increasing crypto adoption has also brought an increasing number of hacks and scams. Recently, as TheCoinRise reported, the FBI issued a public warning against fraudulent crypto apps that are gaining popularity in the nation.