Connect with us
Active Currencies 16235
Market Cap $3,474,448,270,160.40
Bitcoin Share 55.30%
24h Market Cap Change $-3.30

Audius: Autopsy of $6m music heist reveals some out of key notes

2min Read
Brief analysis of the $6M music heist showcases some out-of-key notes

Share this article

Hacks within the cryptocurrency domain are very frequent. Recently, a decentralized music platform Auduis suffered as it lost 18.5 million AUDIO tokens ($6m) following a malicious attack.

Broken strings

On 24 July, the Audius community treasury lost a significant amount due to an exploit in the contract initialization code that allowed repeated invocations of the “initialize” function. The respective team shared this development on the social media platform.

Different agencies/firms took efforts to release their post-mortem report for a deep analysis behind the said attack.

A crypto and blockchain security analytic platform named Certik released a simple overview to highlight the same.

Here, the attacker modified the Audius governance contract’s configurations, then proposed and executed a malicious proposal draining 18.5m AUDIO.

This allowed an attacker to modify the voting system and set erroneous stake values in the network.

Ergo, leading to a malicious transfer of 18m AUDIO tokens held by the Audius governance contract (referred to as the “community treasury”) in their wallet. 

Later, the attackers were able to do a proposal, pass it, send themselves all the treasury tokens, then dump it on Uniswap in one transaction. Notably, the attacker sold 18m AUDIO tokens for 705 ETH ($1.1m).

In addition, another firm, Go+ Security too shared a brief analysis on 24 July to highlight the said attack. In a blog, the firm added a small flowchart asserting the full attack vector.

Tamper with vote parameters -> submit malicious proposal -> Tamper with vote weight -> Vote -> Execute proposal

The firm further added an in-depth analysis including screenshots of the aforementioned timing of the unfortunate event. Another blockchain investigator Peckshield narrowed down the fault to Audius’ storage layout inconsistencies.

Damage control?

The Audius team updated that the vulnerabilities were patched, but many features such as token transfer and balance display have not been activated because of concerns about risks.

“This was achieved by “proxy-upgrading each contract to a minimal BlockingContract that did not contain the same bug. This prevented further repeated invocations after relegating proxyAdmin control to a predefined address owned by the team.”

But did it help the affected token? Well not really. The token witnessed a massive fall on CoinMarketCap as evident in the graph below.

Source: CoinMarketCap

At the time of writing, the token (AUDIO) suffered a fresh 2% correction as it slid past the $0.33 mark.

Share

Shubham is a full-time journalist/ Crypto data analyst at AMBCrypto. A Master's graduate in Accounting and Finance, Shubham's writings mainly focus on the cryptocurrency sector with particular emphasis on market research studies and communications for >2 years. Also, a die-hard Chelsea fan #KTBFFH.
Read the best crypto stories of the day in less than 5 minutes
Subscribe to get it daily in your inbox.
Please check the format of your first name and/or email address.

Thank you for subscribing to Unhashed.