Audius: Autopsy of $6m music heist reveals some out of key notes


Hacks in the cryptocurrency space are very frequent. Recently, the decentralized music platform Audius lost 18.5 million AUDIO tokens ($6m) in a malicious attack.

Broken strings

On 24 July, the Audius community treasury lost a significant amount due to an exploit in the contract initialization code that allowed repeated invocations of the “initialize” function. The Audius team shared this development on social media.

Several agencies and firms have released post-mortem reports analysing the attack.

Certik, a crypto and blockchain security analytics platform, released a simple overview of it.

Here, the attacker modified the Audius governance contract’s configurations, then proposed and executed a malicious proposal draining 18.5m AUDIO.

This allowed an attacker to modify the voting system and set erroneous stake values in the network.

This led to a malicious transfer of 18m AUDIO tokens held by the Audius governance contract (referred to as the “community treasury”) to the attacker's wallet.

Later, the attackers were able to submit a proposal, pass it, send themselves all the treasury tokens, and then dump them on Uniswap in one transaction. Notably, the attacker sold 18m AUDIO tokens for 705 ETH ($1.1m).

In addition, another firm, Go+ Security, shared a brief analysis of the attack on 24 July. In a blog post, the firm included a small flowchart laying out the full attack vector.

Tamper with vote parameters -> Submit malicious proposal -> Tamper with vote weight -> Vote -> Execute proposal

The firm also published an in-depth analysis, including screenshots showing the timing of the event. Another blockchain investigator, Peckshield, narrowed the fault down to inconsistencies in Audius’ storage layout.
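The two findings above (a re-invocable “initialize” and a storage layout inconsistency) can be tied together with a layout check. The following is an added example, not code from the article, Audius, or the firms cited; it assumes a proxy that keeps its admin address in slot 0 and an implementation whose initializer flags live in the same slot, and every name, layout and value in it (`Var`, `collisions`, `votingPeriod`, the admin address) is constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Var:
    name: str
    slot: int
    offset: int  # byte offset inside the 32-byte slot, from the low-order end
    size: int    # width in bytes

def collisions(proxy, impl):
    """Name pairs (proxy_var, impl_var) whose bytes overlap in the same slot."""
    return [(p.name, i.name) for p in proxy for i in impl
            if p.slot == i.slot
            and p.offset < i.offset + i.size and i.offset < p.offset + p.size]

def read_var(slot_value, var):
    """Decode one packed variable from a 256-bit storage word."""
    return (slot_value >> (8 * var.offset)) & ((1 << (8 * var.size)) - 1)

def initializer_allows(slot_value):
    """Guard of the form require(initializing || !initialized)."""
    return bool(read_var(slot_value, INITIALIZING)) or not read_var(slot_value, INITIALIZED)

# Constructed layouts (assumptions, not taken from the Audius contracts).
INITIALIZED = Var("initialized", 0, 0, 1)
INITIALIZING = Var("initializing", 0, 1, 1)
IMPL = [INITIALIZED, INITIALIZING, Var("votingPeriod", 1, 0, 32)]
PROXY_SLOT0 = [Var("proxyAdmin", 0, 0, 20)]            # admin shares slot 0
PROXY_HASHED = [Var("proxyAdmin", 2**255 + 7, 0, 20)]  # stand-in for a hashed slot

# Constructed 20-byte admin address: low byte 0x01, next byte 0x22.
ADMIN = int("11" * 18 + "2201", 16)

if __name__ == "__main__":
    print("slot-0 proxy :", collisions(PROXY_SLOT0, IMPL))
    print("hashed proxy :", collisions(PROXY_HASHED, IMPL))
    # After a legitimate first initialize: initialized=1, initializing=0.
    print("expected state, re-init allowed:", initializer_allows(0x0001))
    # When the admin address occupies slot 0, the flags decode from its bytes.
    print("collided state, re-init allowed:", initializer_allows(ADMIN))
```

Running the same overlap check against compiler-reported layouts of a proxy and each implementation before an upgrade flags this class of inconsistency before deployment.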

Damage control?

The Audius team said that the vulnerabilities were patched, but many features, such as token transfer and balance display, have not been activated because of concerns about risks.

This was achieved by “proxy-upgrading each contract to a minimal BlockingContract that did not contain the same bug. This prevented further repeated invocations after relegating proxyAdmin control to a predefined address owned by the team.”

But did it help the affected token? Well, not really. The token witnessed a massive fall on CoinMarketCap, as evident in the graph below.

Source: CoinMarketCap

At the time of writing, the token (AUDIO) suffered a fresh 2% correction as it slid past the $0.33 mark.


Shubham is a full-time journalist at AMBCrypto. A Master's graduate in Accounting and Finance, Shubham's writings mainly focus on crypto-regulations across the United States and Europe. Also, a die-hard Chelsea fan #KTBFFH.
