Proposals in crypto help communities make consensus-based decisions. However, for decentralized music platform Audius, the passing of a malicious governance proposal resulted in the transfer of tokens worth $5.9 million, with the hacker making off with $1 million.
On July 24, a malicious proposal (Proposal #85) requesting the transfer of 18 million of Audius’ in-house AUDIO tokens was approved by community voting. As first pointed out on Crypto Twitter by @spreekaway, the attacker created the malicious proposal, wherein they were “able to call initialize() and set himself as the sole guardian of the governance contract.”
Hi everyone – our team is aware of reports of an unauthorized transfer of AUDIO tokens from the community treasury. We are actively investigating and will report back as soon as we know more.
If you would like to help our response team, please reach out.
— Audius (@AudiusProject), July
Further investigation by Audius confirmed the unauthorized transfer of AUDIO tokens from the company’s treasury. Following the revelation, Audius proactively halted all Audius smart contracts and AUDIO tokens on the Ethereum blockchain.
Blockchain investigator PeckShield narrowed down the fault to inconsistencies in Audius’ storage layout.
The @AudiusProject issue lies in inconsistent storage layout between its proxy and impl. In particular, the collision of Audius Community Treasury contract results in an equivalence of disabling the initializer modifier. The proxyAdmin addr (0x..abac) plays a role here. pic.twitter.com/x4CqRncahp
- PeckShield Inc. (@peckshield), July
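The collision PeckShield describes can be modeled offline; the following is an added example, not code from Audius, PeckShield or the original article. It assumes the proxy keeps proxyAdmin in storage slot 0 and the implementation keeps two packed booleans, initialized and initializing, in that same slot behind a guard of the form require(initializing || !initialized). The address is constructed apart from its trailing bytes abac, and the layout tables are hypothetical.

```python
# Added model of one 32-byte EVM storage slot shared by a proxy and its
# implementation. Layouts and the address are assumptions, not Audius data.

# Constructed address: only the trailing bytes "abac" appear in the tweet.
PROXY_ADMIN = "0x" + "11" * 18 + "abac"

# Hypothetical layouts: slot number -> variables each contract declares there.
PROXY_LAYOUT = {0: ["proxyAdmin"]}
IMPL_LAYOUT = {0: ["initialized", "initializing"], 1: ["otherState"]}

def slot_from_address(addr: str) -> bytes:
    """Solidity right-aligns a 20-byte address in its 32-byte slot."""
    return bytes.fromhex(addr[2:]).rjust(32, b"\x00")

def read_packed_bool(slot: bytes, offset: int) -> bool:
    """Packed values start at the low-order end: offset 0 is the last byte."""
    return slot[31 - offset] != 0

def guard_allows_initialize(slot: bytes) -> bool:
    """Assumed guard: require(initializing || !initialized)."""
    initialized = read_packed_bool(slot, 0)
    initializing = read_packed_bool(slot, 1)
    return initializing or not initialized

def run_initialize(slot: bytes) -> bytes:
    """Return the slot after initialize(); raise if the guard rejects it."""
    if not guard_allows_initialize(slot):
        raise PermissionError("already initialized")
    if read_packed_bool(slot, 1):
        return slot  # treated as a nested call: flags are never written
    return slot[:30] + b"\x00\x01"  # top-level call: initialized=1, initializing=0

def colliding_slots(proxy_layout: dict, impl_layout: dict) -> dict:
    """Pre-deployment check: slots in which both contracts declare state."""
    shared = sorted(proxy_layout.keys() & impl_layout.keys())
    return {s: (proxy_layout[s], impl_layout[s]) for s in shared}

if __name__ == "__main__":
    collided = slot_from_address(PROXY_ADMIN)
    print("collisions:", colliding_slots(PROXY_LAYOUT, IMPL_LAYOUT))
    print("guard open on collided slot:", guard_allows_initialize(collided))
    print("still open after a call:", guard_allows_initialize(run_initialize(collided)))
    healthy = run_initialize(bytes(32))
    print("guard open on healthy slot:", guard_allows_initialize(healthy))
```

Because the byte read as initializing is non-zero, the modeled guard never writes its flags and stays open, whereas a slot owned only by the implementation closes after the first call.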
While the hacker’s governance proposal drained 18 million tokens worth nearly $6 million from the treasury, they were soon dumped and sold for $1.08 million. While the dump resulted in maximum slippage, investors recommended an immediate buyback to prevent existing investors from dumping and further lowering the token’s floor price.
Investors have yet to get clarity on the stolen funds, as one investor asked, “They hacked the community fund right? The team’s fund is separate correct?”
While a post-mortem report is underway, Audius has not yet responded to Cointelegraph’s request for comment.
Related: Yuga Labs warns of 'persistent threat group' targeting NFT holders
Bored Ape Yacht Club (BAYC) creator Yuga Labs issued its second warning about an expected “coordinated attack” on its social media accounts.
Our security team is tracking a persistent threat group that targets the NFT community. We believe they may soon launch a coordinated attack targeting multiple communities via compromised social media accounts. Be careful and stay safe.
— Yuga Labs (@yugalabs), July
In June, Gordon Goner, pseudonymous co-founder of Yuga Labs, issued the first warning of a possible incoming attack on its Twitter social media accounts. Soon after the warning, Twitter officials actively monitored the accounts and fortified their existing security.
Source: https://cointelegraph.com/news/hacker-drains-1-08m-from-audius-following-passing-of-malicious-proposal