Audius, the decentralized music platform, has identified and patched a vulnerability that allowed a hacker to pass a malicious governance proposal, resulting in the transfer of tokens worth $6 million. The incident occurred due to a vulnerability in Audius’ governance, staking, and delegation contracts on the Ethereum blockchain, allowing the hacker to exploit the contract initialization code on July 23. The compromised set of contracts had undergone audits by blockchain security firms OpenZeppelin and Kudelski before deployment.
The Audius team was quick to respond, developing and applying a patch to regain control of the protocol before the attacker could inflict further damage.
During the attack, the tokens were valued at $6.1 million. However, according to Etherscan transactions, the attacker ultimately obtained only 704.9 ETH (equivalent to $1.073 million) after selling the tokens, incurring maximum slippage on the sale.
The Audius team asserted that the “vast majority” of Audius foundation, team, community, and other funds remain secure and were not impacted by the incident. The team is actively collaborating with the community to explore possible remediations for the loss of funds, and they express gratitude that various options are still available.
As of 7:28 UTC on Monday, Audius’ native token, AUDIO, is trading at around $0.33, reflecting a 2% decline in a day and more than a 4% decrease over the past week.
Audius is not the only decentralized finance (DeFi) project that recently experienced a security breach. Neopets, a virtual pet-owning game, also confirmed a data breach last week. The company stated that email accounts and passwords “may have been affected,” advising users to change their passwords. Neopets initiated an investigation with the assistance of a leading forensics firm, engaged law enforcement, and is enhancing protections for its systems and user data. The incidents at Audius and Neopets underscore the ongoing challenges and risks associated with security in the digital space, particularly within decentralized and online platforms.