Web3 music platform Audius lost 18 million AUDIO to a hacker. In crypto communities, proposals generally pass unanimously, and the hacker chose this path for exploitation: a malicious governance proposal on the Audius music platform was unanimously accepted.
Once the proposal was finalized, the hacker stole 18 million AUDIO tokens from Audius.
18 Million Audius (AUDIO) Tokens Stolen by Hackers
Recently, a malicious proposal (proposal 85) requesting the internal transfer of 18 million Audius (AUDIO) tokens was accepted by community vote.
The incident was brought to light by Twitter user @spreekaway. The attacker made a malicious proposal through which they could “call initialize() and set itself as the sole guardian of the management contract”.
At the time of writing, 18 million AUDIO is worth 6.1 million dollars. The company also issued a statement on the matter:
“Hi everyone, our team is aware of reports of unauthorized transfer of AUDIO tokens from the community treasury. We are actively investigating and will let you know as soon as we learn more. If you would like to help our support team, please feel free to contact us.”
https://twitter.com/AudiusProject/status/1551000725169180672
After the incident, Audius actively halted all Audius contracts and AUDIO tokens on the Ethereum blockchain.
The AUDIO tokens taken from the community treasury through the hacker's malicious proposal were worth $6 million in total. The stolen tokens were soon sold for $1.08 million.
PeckShield also tweeted about the issue.
Saying that the problem lies in the inconsistent storage layout between the proxy and impl, PeckShield said, “In particular, the collision of the Audius Community Treasury contract results in the equivalent of disabling the initializer modifier. The proxyAdmin address (0x..abac) plays a role here.”
The issue of @AudiusProject lies in inconsistent storage layout between its proxy and impl. In particular, the collision of Audius Community Treasury contract results in an equivalence of disabling the initializer modifier. The proxyAdmin addr (0x..abac) plays a role here. pic.twitter.com/x4CqRncahp
— PeckShield Inc. (@peckshield) July 24, 2022
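The collision PeckShield describes can be modelled offline. The sketch below is an added example, not Audius or PeckShield code: it assumes an older OpenZeppelin-style initializer guard whose two flags occupy the first two bytes of storage slot 0, uses a constructed address that only shares the 0x..abac ending, and includes a hypothetical layout check (find_collisions) of the kind that flags such an overlap before deployment.

```python
# Added example: models 32-byte EVM storage slots in plain Python.
# Layouts, names and the address are constructed for illustration.

def read_bool(slot_value: int, byte_offset: int) -> bool:
    """Solidity packs variables from the lowest-order byte of a slot upward."""
    return (slot_value >> (8 * byte_offset)) & 0xFF != 0

def initializer_guard_passes(slot0: int, is_constructor: bool = False) -> bool:
    """Assumed guard: require(initializing || isConstructor() || !initialized)."""
    initialized = read_bool(slot0, 0)   # assumed: byte 0 of slot 0
    initializing = read_bool(slot0, 1)  # assumed: byte 1 of slot 0
    return initializing or is_constructor or not initialized

def find_collisions(proxy_layout, impl_layout):
    """Return (proxy_var, impl_var, slot) for byte ranges that overlap.

    Each layout entry is (name, slot, byte_offset, size_in_bytes).
    """
    hits = []
    for pname, pslot, poff, psize in proxy_layout:
        for iname, islot, ioff, isize in impl_layout:
            same_slot = pslot == islot
            overlap = poff < ioff + isize and ioff < poff + psize
            if same_slot and overlap:
                hits.append((pname, iname, pslot))
    return hits

# Constructed address: only the trailing bytes 0xab, 0xac match the page.
PROXY_ADMIN = int("0x" + "11" * 18 + "abac", 16)

# Proxy keeps its admin address in slot 0 (20 bytes, right-aligned).
PROXY_LAYOUT = [("proxyAdmin", 0, 0, 20)]
# Implementation expects its init flags in the same slot.
IMPL_LAYOUT = [
    ("initialized", 0, 0, 1),
    ("initializing", 0, 1, 1),
    ("otherState", 1, 0, 20),  # hypothetical later variable, no overlap
]

if __name__ == "__main__":
    # Through the proxy, the implementation reads the admin address as flags:
    # byte 1 (0xab) is non-zero, so "initializing" is always true.
    print("guard with colliding slot:", initializer_guard_passes(PROXY_ADMIN))
    # With a clean slot after one real initialization (initialized=1 only),
    # a second call is rejected.
    print("guard with clean slot:    ", initializer_guard_passes(0x01))
    for hit in find_collisions(PROXY_LAYOUT, IMPL_LAYOUT):
        print("layout collision:", hit)
```

Keeping proxy bookkeeping out of the implementation's sequential slots, and running a layout comparison like this on every upgrade, removes the overlap the guard depends on.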