Audius, a decentralized music streaming protocol, disclosed that a hacker used a fraudulent governance vote to steal funds from its community treasury.
According to security firm CertiK, the hacker modified specific configurations in the smart contract used by Audius' governance system. These modifications allowed the attacker to become the contract's "guardian."
The hacker then created and approved a governance proposal (Proposal #85), which requested the transfer of 18 million AUDIO tokens from the community treasury. According to on-chain data, the exploit occurred on Saturday at 7 p.m. ET.
While the stolen tokens had a market value of more than $6 million, the hacker was only able to sell them for 705 ether ($1.1 million) due to significant market slippage. The stolen funds remain in the hacker's possession.
Audius stated in an update that it had detected and fixed flaws in its smart contract and that a post-mortem report would be issued soon. Meanwhile, the smart contract has been halted.
Audius is a decentralized music streaming platform that allows musicians to monetize their work through the use of the AUDIO governance and utility token. The token is compatible with the Ethereum and Solana networks.