"Hackers Stole $6 Million From Blockchain-Based Music Portal Audius"

Threat actors recently infiltrated the decentralized music platform Audius and stole more than 18 million AUDIO tokens, which are currently worth around $6 million. Audius is an Ethereum blockchain-based decentralized streaming service. Users can earn tokens by curating and listening to content, while musicians can earn AUDIO tokens by sharing their music. When the hacker stole AUDIO tokens, many of the platform's services were immediately halted while engineers developed solutions to prevent future token theft. According to Audius, the hacker exploited a flaw in the contract initialization code to perform multiple invocations of the initialize methods. This allowed the hacker to transfer 18.5 million AUDIO tokens from the platform's community treasury to their wallet, stealing a large sum of money and changing the governance dynamics. After the actor attempted four governance proposal execution attempts, three of which were unsuccessful and one successful, the entire Audius community pool was transferred to the attacker's wallet. No new tokens were created, and the event had no effect on the number of tokens in circulation. All remaining user funds are now secure. The AUDIO token was back in service, but the "Staking" and "Delegate Manager" smart contract systems had not been restored because the changes were still being evaluated. The attacker moved their tokens through the Tornado Cash mixing service while simultaneously trading them on Uniswap for just $1.07 million, losing 5/6 of their value. In August 2020 and October 2021, two separate auditors conducted two comprehensive security audits of Audius' contract system, but neither found the exploited vulnerability. This article continues to discuss the theft of $6 million from Audius by hackers. 

CyberIntelMag reports "Hackers Stole $6 Million From Blockchain-Based Music Portal Audius"