As is common in crypto communities, proposals are usually subject to consensus decisions, and this is exactly what has become the undoing of decentralized music platform Audius. According to a recent report, an unidentified hacker had a bogus proposal approved via an exploit, making away with at least $1 million.
Audius attack blamed on inconsistencies in storage layouts
The attacker had created the bogus governance proposal, setting himself up as the sole guardian of the governance contract. Following this, they requested to transfer 18 million AUDIO tokens (worth approximately $6 million). And the proposal got passed by community voting on July 24.
However, investigations by blockchain analyst Peckshield suggests that the Audius platform may have encouraged the hack one way or another. The investigation reveals that there were inconsistencies in the platform’s storage, which is exactly what the attacker took advantage of.
Meanwhile, after confirming the hack, Audius immediately swung into action. The firm has now halted all Audius smart contracts and AUDIO tokens on the Ethereum blockchain.
Although the hacker successfully transferred tokens that are worth about $6 million from the treasury, he only sold them for $1.08 million. Expectedly, the dumping has had a negative effect on the token’s floor price and investors are recommending an immediate buyback. This, they say is to prevent the token’s floor price from plunging deeper, should other investors decide to dump it as well.
A rising wave of attacks
The rate at which hack attacks and exploitations such as this are ravaging the decentralized finance space can not be over-emphasized.
Per REKT data, DeFi protocols have lost no less than $4.75 billion in total due to hacks and exploits. In fact, out of the amount lost, only $1 billion was returned. This means that only a discouraging 21% of all lost funds were recovered.
Audius’ hack follows a long list of similar exploitations that have happened so far in 2022. Meanwhile, investors have no clarity yet regarding the stolen funds. However, Audius is expected to shed more light on the situation soon enough.