Hackers withdrew $6 million from decentralized platform Audius

What’s new? On July 23, Audius, a decentralized music service, was hacked, as a result of which hackers managed to withdraw $6 million in cryptocurrency. According to cybersecurity company CertiK, the attackers changed certain configurations of a smart contract used by Audius’ governance system.

(1/2) The attacker called the "initialize" function in the Audius governance contract to modify configurations (through re-initialization) such as "voting period", "execution delay", "guardian address".Then the attacker submitted the malicious proposal(ID 85).— CertiK Alert (@CertiKAlert) July 24, 2022

Details of the hack. After the hackers changed the configuration of the smart contract, they created and approved a governance proposal (proposal #85) requesting the transfer of 18 million native tokens of the AUDIO service.

Although the market value of the stolen assets was more than $6 million, the attackers were able to sell them only for 705 ETH ($1,1 million) amid the strong fall in the crypto market. According to the Etherscan blockchain explorer, they sent the funds to Tornado Cash, a crypto transaction mixer.

As of July 25, 09:15 UTC, AUDIO is trading at $0,325, having lost 4,96% per day, according to cryptocurrency exchange Binance.

Representatives of Audius reported the suspension of the platform’s smart contracts. The team later resumed the operation of smart contracts and AUDIO tokens, except for staking and delegation functions. The developers noted that they have identified the vulnerability and the remaining user funds are safe.

- All remaining funds are safe and fixes have been deployed. At this point all remaining smart contract components have been updated and unpaused except staking & delegation. We expect to have these online within the next couple of days, after changes have been reviewed.— Audius 🎧 (@AudiusProject) July 25, 2022

Audius is a decentralized music streaming protocol that allows artists to monetize their work using the AUDIO governance token.

According to aggregator CoinGecko, the decentralized finance (DeFi) market capitalization fell by 74,6%, from $142 million to $36 million, during the second quarter of 2022. One reason was the frequent hacks of DeFi platforms, analysts noted.