Audius, the blockchain music platform, lost $6 million in a recent hack.
The threat actors that breached the platform were able to steal approximately 18 million $AUDIO (Audius's crypto token), estimated to be worth around $6 million.
After a hacker stole $6 million worth of AUDIO tokens this weekend, the platform responded within minutes by freezing several services until the developers could deploy fixes to prevent further theft of tokens.
Audius Hack
Audius runs on the Ethereum blockchain as a decentralized streaming platform. According to BleepingComputer, Audius allows artists to upload their music and earn AUDIO tokens from it. Users can also earn AUDIO by listening to and curating content on the platform.
The company then went to Twitter to confirm the hack and to inform its users, both artists and listeners, about the current situation and the reason behind the immediate shutdown of operations.
On July 24, Audius tweeted that the team was aware of reports of an illicit transfer of AUDIO tokens from the community treasury.
They also mentioned that they have launched an investigation into the matter and will provide an update as soon as they get more information.
Additionally, Audius said, "If you'd like to help our response team, please reach out."
According to Audius, "the Audius governance, staking, and delegation contracts on the Ethereum mainnet were compromised due to a bug in the contract initialization code that allowed repeated invocations of the initialize functions."
The bug enabled an attacker to fraudulently move 18MM $AUDIO tokens owned by the Audius governance contract (referred to as the "community treasury") to a wallet under their control and manipulate voting system dynamics to change their staked $AUDIO quantities in the network.
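The failure class described above, as an added illustration that is not Audius's contract code: a small Python model of an initialize function with and without a one-shot guard, plus a check that flags an initialize function succeeding more than once on the same contract. All class, function and field names, addresses and call records are constructed assumptions.

```python
# Added illustration: a Python model of the bug class, not Audius code.
# Every name, address and call record here is hypothetical/constructed.

class Reverted(Exception):
    """Stands in for a contract call that reverts."""

class UnguardedGovernance:
    """initialize() has no one-shot guard, so every call reassigns control."""
    def __init__(self):
        self.guardian = None

    def initialize(self, caller):
        self.guardian = caller

    def may_move_treasury(self, caller):
        return caller == self.guardian

class GuardedGovernance(UnguardedGovernance):
    """Same model with an initialized flag checked before any state change."""
    def __init__(self):
        super().__init__()
        self.initialized = False

    def initialize(self, caller):
        if self.initialized:
            raise Reverted("already initialized")
        self.initialized = True
        self.guardian = caller

def repeated_initializations(calls):
    """Return (contract, function) pairs whose initialize* call succeeded twice or more."""
    seen, flagged = set(), []
    for call in calls:
        key = (call["to"], call["fn"])
        if not call["fn"].startswith("initialize") or not call["ok"]:
            continue
        if key in seen and key not in flagged:
            flagged.append(key)
        seen.add(key)
    return flagged

# Constructed call trace: deployment-time setup, then a later repeat call.
SAMPLE_CALLS = [
    {"to": "0xGOV", "fn": "initialize", "from": "0xDEPLOYER", "ok": True},
    {"to": "0xSTAKE", "fn": "initialize", "from": "0xDEPLOYER", "ok": True},
    {"to": "0xSTAKE", "fn": "initialize", "from": "0xOTHER", "ok": False},
    {"to": "0xGOV", "fn": "submitProposal", "from": "0xUSER", "ok": True},
    {"to": "0xGOV", "fn": "initialize", "from": "0xOTHER", "ok": True},
]

if __name__ == "__main__":
    print(repeated_initializations(SAMPLE_CALLS))
```

A second successful initialize on an already-deployed contract is the signal worth alerting on; a reverted repeat call, as with the constructed 0xSTAKE record, shows the guard working.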
Audius revealed that the company runs regular security audits and updates on its system. On August 25, 2020, the company had a security audit by the OpenZeppelin team.
On October 27, 2021, the company was audited by Kudelski. Unfortunately, neither of the two separate audits detected the vulnerability.
This is a wake-up call and a hard lesson for the company, which has reported that it continuously updates its security measures yet still failed to prevent a hack of its system.
The company said it has learned the hard way that audits are not bulletproof, and that although time spent in the market may help build confidence, it does not eliminate the possibility of a hack.
Audius's Key Takeaway
The Audius hack was mitigated immediately, just a few hours after being detected.
The blockchain platform also stated that it is still working on implementing changes to ensure the safety of operations when they resume.
One of the key takeaways for the company from the incident is that the speed of the incident response team helped them tremendously.
They recognized that they were really lucky that this happened during the majority of their team's waking hours; as a result, they were able to get a critical mass of team members online within minutes of the initial report. The speed with which an incident team is assembled is of the utmost importance.
The vast majority of funds associated with the Audius ecosystem, including those belonging to the Audius foundation, the Audius team, the Audius community, and any other funds, are secure and unharmed despite the hacking incident.
The company is working with the community to investigate potential solutions to the problem of the lost funds, and it is fortunate that a wide variety of options remain open.