Proposals in crypto help communities make consensus-based decisions. However, for decentralized music platform Audius, the passing of a malicious governance proposal resulted in the transfer of tokens worth $6.1 million, with the hacker making away with $1 million. On Sunday, a malicious proposal, Proposal #85, requesting the transfer of 18 million Audius’ in-house AUDIO tokens was approved by community voting. First pointed out on Crypto Twitter by spreekaway, the attacker created the malicious proposal wherein they were “able to call initialize() and set himself as the sole guardian of the governance contract.” Speaking to Cointelegraph, Audius co-founder and CEO Roneil Rumburg clarified that the community did not pass a malicious proposal: “This was an exploit — not a proposal proposed or passed through any legitimate means — it just happened to use the governance system as the entry point for the attack.” Further investigation from Audius confirmed the unauthorized transfer of AUDIO tokens from the company’s treasury. Following the revelation, Audius proactively halted all Audius smart contracts and AUDIO tokens on the Ethereum blockchain to avoid further losses. The company, however, resumed token transfers shortly after, adding that the “Remaining smart contract functionality is being unpaused after thorough examination/mitigation of the vulnerability.”
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.