Hacker drains $1.08 million from Audius after passing malicious proposal

A malicious proposal (Proposal #85) requesting the transfer of 18 million internal Audius AUDIO tokens worth nearly $6 million was approved by the community vote.


Crypto governance proposals let communities make decisions by consensus. For decentralized music platform Audius, however, the adoption of a malicious governance proposal resulted in the transfer of tokens worth $5.9 million, with the hacker taking home $1 million.

On July 24, a malicious proposal (Proposal #85) requesting the transfer of 18 million of Audius's internal AUDIO tokens was approved by a community vote. First reported on Crypto Twitter by @spreekaway, the attacker created the malicious proposal after being "able to call initialize() and set himself as the sole custodian of the governance contract".

Hello everyone - our team is aware of reports of an unauthorized transfer of AUDIO tokens from the community treasury. We are actively investigating and will report to you as soon as we know more.

If you would like to help our response team, please contact us.

— Audius (@AudiusProject) July 24, 2022

Further investigation by Audius confirmed the unauthorized transfer of AUDIO tokens from the company treasury. Following the revelation, Audius proactively discontinued all Audius smart contracts and AUDIO tokens on the Ethereum blockchain.

Blockchain security firm PeckShield traced the root cause to an inconsistent storage layout between the Audius proxy and implementation contracts.

@AudiusProject's problem is an inconsistent storage layout between its proxy and impl. In particular, the collision of the Audius Community Treasury contract results in an equivalence of disabling the initialization modifier. The proxyAdmin address (0x..abac) plays a role here. pic.twitter.com/x4CqRncahp

— PeckShield Inc. (@peckshield)
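The storage collision PeckShield describes, as an added Solidity example that is not Audius's code: a constructed proxy whose admin field shares slot 0 with the implementation's initializer flags, next to the EIP-1967 layout that keeps proxy state out of the implementation's slots. Contract and variable names are assumptions, and the implementation exposes a view that a reviewer can call through the proxy to confirm the guard is closed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;
// Constructed, simplified illustration (not Audius's code): an OpenZeppelin-style
// initializer guard whose two bools share storage slot 0 (bytes 0 and 1).
contract GovernanceImpl {
    bool private initialized;   // slot 0, byte 0
    bool private initializing;  // slot 0, byte 1
    address public guardian;    // slot 1
    modifier initializer() {
        require(initializing || !initialized, "already initialized");
        bool top = !initializing;
        if (top) { initializing = true; initialized = true; }
        _;
        if (top) initializing = false;
    }
    function initialize(address g) external initializer { guardian = g; }
    // Defender's check, called through the proxy: must be false once set up. A `true`
    // means slot reuse is holding the guard open and initialize() is callable again.
    function initializerOpen() external view returns (bool) { return initializing || !initialized; }
}

// Stateless delegatecall forwarder shared by both proxies below.
abstract contract Delegator {
    function _delegate(address impl) internal {
        assembly {
            calldatacopy(0, 0, calldatasize())
            let ok := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            switch ok case 0 { revert(0, returndatasize()) } default { return(0, returndatasize()) }
        }
    }
}

// Vulnerable layout: the proxy's own fields start at slot 0, so under delegatecall `proxyAdmin`
// overlays the guard flags. Byte 1 of an admin such as 0x..abac is 0xab, read back as initializing == true.
contract CollidingProxy is Delegator {
    address public proxyAdmin;      // slot 0: same slot as initialized/initializing
    address public implementation;  // slot 1: same slot as guardian
    constructor(address impl, address admin) { implementation = impl; proxyAdmin = admin; }
    fallback() external payable { _delegate(implementation); }
}

// Fixed layout (EIP-1967): proxy state lives in keccak-derived slots that no declared
// implementation variable can occupy, so the two layouts cannot overlap.
contract Eip1967Proxy is Delegator {
    bytes32 private constant ADMIN_SLOT = bytes32(uint256(keccak256("eip1967.proxy.admin")) - 1);
    bytes32 private constant IMPL_SLOT = bytes32(uint256(keccak256("eip1967.proxy.implementation")) - 1);
    constructor(address impl, address admin) { _set(ADMIN_SLOT, admin); _set(IMPL_SLOT, impl); }
    fallback() external payable { _delegate(_get(IMPL_SLOT)); }
    function _set(bytes32 s, address v) private { assembly { sstore(s, v) } }
    function _get(bytes32 s) private view returns (address v) { assembly { v := sload(s) } }
}
```

Reading slot 0 of a deployed proxy with `eth_getStorageAt` and comparing it against the implementation's declared layout is the equivalent off-chain check.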

