An attack was used to pass a governance petition (Proposal #85) asking for the transfer of 18 million in-house AUDIO tokens belonging to Audius, valued at $6.1 million.
Cryptographic proposals assist communities in reaching choices based on consensus. On the other hand, the fraudulent governance proposal that was approved by the decentralized music platform Auduis led to the transfer of tokens valued at $6.1 million, with the hacker walking away with $1 million.
On Sunday, the community voted to approve Proposal #85, a fraudulent request for the transfer of 18 million Audius’ internal AUDIO tokens. The attacker produced the fraudulent proposal that allowed them to call initialize and designate himself as the only guardian of the government contract. Roneil Rumburg, co-founder, and CEO of Audius explained that the community did not approve of a harmful plan. The governance system was just used as the entry point for the assault; this was an exploit, not a proposal presented or passed through any legal channels.
Additional Auduis research proved the theft of AUDIO tokens from the company’s funds. In response to the disclosure, Auduis took preemptive action to prevent additional losses by stopping all Audius smart contracts and AUDIO tokens on the Ethereum network. Token transfers, however, were soon resumed by the business, which also stated that the remaining smart contract functionality is being unpaused following full examination/mitigation of the issue.
Peckshield, a blockchain investigator, focused on Audius’ inconsistent storage arrangement to identify the problem. While the hacker’s governance plan depleted the treasury of 18 million tokens worth around $6 million, it was quickly dumped and sold for $1.08 million. Investors advised a fast repurchase to stop current investors from dumping and further decreasing the token’s floor price, even though the dumping caused the greatest amount of slippage.
Investors still need information on the missing money. The remaining money is protected against theft since the community treasury is maintained apart from the foundation treasury.