The passing of a malicious governance proposal of Audius resulted in hackers making away with $1 million

According to PeckShield Inc, a malicious proposal (Proposal #85) requesting the transfer of 18 million Audius( AUDIO) worth nearly $6 million was approved by community voting.

“The issue of Audius Project lies in inconsistent storage layout between its proxy and impl. In particular, the collision of Audius Community Treasury contract results in an equivalence of disabling the initializer modifier. The proxyAdmin addr (0x..abac) plays a role here”, PeckShield tweeted.

Hacker drains $1.08M from Audius following the passing of the malicious proposal

A wrong decision to pass a malicious governance proposal by Audius resulted in $1 million in damages, prompting the hackers to move $5.9 million worth of tokens.

Specifically, the voting community approved a malicious proposal (Proposal #85) with a request to transfer 18 million AUDIO tokens. However, this behavior indicates an unauthorized transfer of AUDIO from the corporate treasury. Following the disclosure, Auduis took the initiative to suspend all Audius smart contracts and AUDIO tokens on the Ethereum blockchain.

While the hacker’s governance proposal drained 18 million tokens worth nearly $6 million from the treasury, it was soon dumped and sold for $1.08 million. While the dumping resulted in maximum slippage, investors recommended an immediate buyback to prevent existing investors from further dumping and lowering the token’s price.

The issue has been found and fixes are in progress to get things back to a stable state.

To prevent further damage, all Audius smart contracts on Ethereum had to be halted, including the token.

We do not believe any further funds are at risk.

More updates / post-mortem soon. https://t.co/i3MM9WjjgE

— Audius 🎧 (@AudiusProject) July 24, 2022

At present, Audius says the issue has been found, and fixes are in progress to get things back to a stable state.

“The issue has been found, and fixes are in progress to get things back to a stable state. To prevent further damage, all Audius smart contracts on Ethereum had to be halted, including the token. We do not believe any further funds are at risk. More updates / post-mortem soon”, they tweeted.

Read more:

• Ripple Doesn’t Stand A Chance Against The SEC In Its Ongoing Court Battle
• A Hacker Stole 314 NFTs After Injecting Malicious Code On Premint’s Website

Join us on Telegram

Follow us on Twitter

Follow us on Facebook