A flaw in smart contracts on the Audius platform led to a theft of US$ 1.08 million (about R$ 5.8 million) by cybercriminals yet to be identified. They managed to pass a governance proposal that led to the transfer of 18 million tokens to a personal account from the platform’s community treasury.
The case happened last weekend and led to a sharp drop in the value of AUDIO, the cryptocurrency of the music service based on Ethereum technology. Originally, the value in tokens would be equivalent to more than US$6.1 million (R$32.7 million), but it ended up selling for just under one-sixth of that, as investors recommended an immediate repurchase to prevent the numbers dropped even further.
The fraud happened on Saturday (23) and was confirmed by the company the next day, first with a quick message and then in a publication with more details. According to Audius, the theft was the result of a malicious exploitation of the platform’s governance system, which allowed different calls to the smart contract voting system and also the definition of erroneous values, which led to the transfer of the tokens to a personal wallet.
Post-mortem from this weekend’s attack is now live: https://t.co/aPUv2fPUm7
– Audited contracts were compromised due to an exploit in the contract initialization code that allowed repeated invocations of the “initialize” function.
— Audius ???? (@AudiusProject) July 25, 2022
While it has yet to talk about possible returns, Audius said that the rest of the platform’s funds are safe and that the flaw that led to the fraudulent transfer has now been fixed. As of this writing, however, transactions involving AUDIO have been interrupted and should resume in the coming days, with no precise date for it.
Over the next few weeks, too, Audius intends to work alongside authorities and experts in investigations into those responsible for the attack and seeks to recover the lost tokens. In addition, the company made it clear that the amount, although considerable, did not represent the largest fund available for the system.
Even so, the theft had its harmful effects on the system, especially with regard to quotations. According to charts from CoinMarketCap website, AUDIO tokens experience a drop of almost 28% over the last few days, from a high of BRL 2.30 per unit last Saturday, before the attack, to BRL 1, 66 at the time this report is written.
Often called the “Spotity of cryptocurrencies”, Audius is a streaming service based on blockchain technology, with the idea of bringing artists and fans together through its own tokens. The idea is to work with an open system where any musician can build their following and monetize their work, while listeners themselves can also profit from the tokens issued by the platform.
Artists like Katy Perry, Jason Derulo, Skrillex, Nas and Deadmau5 are part of the group of celebrities who support Audius and have work available on it. One of the system’s differentials, in addition to the focus on cryptocurrencies, is the offering of high quality audio in a free format, as well as customization tools that allow the creation of remixes and works based on the original works.
Source: Audius, CoinTelegraph