In the crypto space, proposals assist the communities in taking decisions that are based on consensus. Nonetheless, in the case of Audius – a decentralized music venue – the authorization of a bad governance proposal paved the way toward the transaction of up to $6.1M worth of tokens and the hacker took away nearly $1M.
Hacker Exploited Audius and Fled with $1.08M in AUDIO Tokens
On 24th July, Proposal #85 – a bad proposal – requested to transact approximately 18M in AUDIO (the in-house tokens of Audius) and was authorized after the community voting. The hacker generated a mischievous proposal and was capable of becoming the governance contract’s single custodian. On being informed about the incident, Audius’ group shared a Twitter post and assured the community members that they are making adequate endeavors to investigate the matter and the results will be shortly shared by them.
Roneil Rumburg – the CEO and co-founder of Audius – disclosed that the respective proposal was not passed on by the community. He categorized the incident as an exploit and added that none of the legitimate means proposed or approved the proposal. In his words, it just took place to utilize the governance system to be the point of entry for the attack. Additional inquiry by Audius brought to the front that it was the AUDIO tokens’ unauthorized transaction from the treasury of the firm.
Smart Contracts Shortly Resumed by Audius
After the disclosure, Audius preemptively terminated the AUDIO tokens and smart contracts on over the Ethereum blockchain to stay away from extra losses. Nevertheless, the firm restarted token transactions after a momentary stoppage, asserting that the smart contract operability is being resumed following a comprehensive investigation of the platform’s vulnerability. Peckshield, a blockchain investigator, specified that the issue was existing within the storage layout irregularities of Audius.
While the governance proposal of the hacker drained almost 18M ($6M) worth of tokens from the treasury of Audius, it was shortly dumped as well as traded for just $1.08M. While the consequence of the dumping was maximum slippage, investors suggested a rapid buyback to keep investors from further dumping as well as decreasing the floor price of the token.
Rumburg claimed that the exploit’s root cause has been corrected and there is no chance for its re-exploitation. Keeping in view that the community treasury is preserved in a separate place from the treasury of the foundation, the existing funds are secure from the exploits.