• Latest
  • Trending
Saturday, January 25, 2025

No products in the cart.

No products in the cart.

Hacker drains $1.08M from Audius following passing of malicious proposal

YOU MAY ALSO LIKE

Cryptographic suggestions help the community make consensus-based decisions. However, in the case of the decentralized music platform Auduis, a malicious governance proposal was passed, resulting in the transfer of $ 6.1 million worth of tokens and hackers letting go of $ 1 million.

July 24, Malicious Proposal (Suggestion # 85Requesting the transfer of 18 million Audius internal AUDIO tokens was approved by a community vote.First pointed out on CryptoTwitter by attacker @spreekaway Created A malicious suggestion that “I was able to call initialize () and set myself as the sole guardian of the governance contract.”

Talking to Cointelegraph, Audius co-founder and CEO Roneil Rumburg revealed that the community did not pass malicious proposals.

This was an exploit, which happened to use the governance system as an entry point for attacks, rather than proposed proposals or proposals that went through legitimate means.

Further investigation from Auduis confirmed the fraudulent transfer of AUDIO tokens from the company’s finances. Following the revelation, Auduis aggressively shut down all Audius smart contracts and AUDIO tokens on the Ethereum blockchain to avoid further losses. However, the company resumed token transfer shortly thereafter. to add “After a thorough investigation / mitigation of vulnerabilities, the rest of the smart contract features have not been suspended.”

Blockchain investigator Peckshield narrowed down the failure to Audius storage layout inconsistencies.

The hacker’s governance proposal discharged nearly $ 6 million worth of 18 million tokens from the treasury, but was quickly dumped and sold for $ 1.08 million. Although dumping resulted in the greatest slippage, investors recommended immediate repurchase to prevent existing investors from dumping and further lowering the minimum token price.

As one investor asked, investors are not yet clear about the stolen money. Team funding is different, isn’t it? “

Rumburk has confirmed in Cointelegraph that the root cause of the exploit has been mitigated and cannot be re-exploited. Given that community finance is separated from Foundation finance, the remaining funds remain safe from any misuse.

Related: Yuga Labs warns about “persistent threat groups” for NFT holders

Yuga Labs, creator of the Bored Ape Yacht Club (BAYC), has issued a second warning about possible “cooperative attacks” on social media accounts.

In June, Yuga Labs pseudonym co-founder Gordon Goner issued the first warning about a possible attack on Twitter social media accounts. Immediately after the warning, Twitter officials actively monitored their accounts and strengthened their existing security.