Music player on Ethereum and Solana suffered theft of 18 million tokens

Key facts:
  • The hacker sold tokens for $1.08 million, causing the AUDIO asset to crash.

  • The Audius system is back in operation and a “post-mortem” of the attack is expected this week.

The decentralized governance system of a streaming platform appears to have opened the door to a hacker, who made more than 1 million US dollars (USD). The platform is Audius, a music streaming service (somewhat similar to Spotify) that runs on the Ethereum and Solana blockchains.

On Twitter, the user @spreekaway reported that a hacker apparently created a malicious proposal to execute a transfer of at least 18 million AUDIO tokens directly from the app’s treasury, which is protected by a smart contract. AUDIO is the platform’s governance token, and the transaction was equivalent to just over $6 million.

The proposal was apparently approved by the community, as established by decentralized governance systems. This allowed the hacker to designate himself as the sole guardian of said smart contract. With this, he diverted the dollar amount mentioned above, the equivalent of the millions of AUDIO transferred.

Even though the Audius developers stopped the contracts on Ethereum, as well as the activity of the token, in order to avoid the loss of more funds, the hacker managed to sell part of his loot on the decentralized exchange Uniswap and raised $1.08 million. This led to a drop in the price of the token.

According to CoinMarketCap, the AUDIO token is trading above $0.34, a slight recovery from the drop reported after the hacker’s sale, which caused the price of that asset to plummet to USD 0.31.

AUDIO is an ERC-20 token, so it can be traded on decentralized cryptocurrency exchanges. With it, it is possible to tip artists whose musical content lives on Audius. This asset is held on the Ethereum blockchain, but in order to improve scalability, a bridge between it and the Solana chain was designed in 2020.

“It was not a proposal, it was an exploit”

Although Audius did not clarify anything today, and it was information from users that allowed the theft to be reported, the CEO of the firm, Roneil Rumburg, stated that the community did not approve a malicious proposal, but that it was an exploit, a type of attack commonly seen in the cryptocurrency ecosystem.

In statements to the press, Rumburg noted that “nothing was approved by any legitimate means.” “The governance system was simply used as an entry point for the attack.”

At the close of this article, Audius had already resumed operations and, they say, the funds in the community treasury “are insured.” In addition, the company is expected to publish a “post-mortem” of the attack this week.
