Audius hack results in theft of nearly $6M

BleepingComputer reports that nearly $6 million worth of tokens have been stolen from decentralized music streaming platform Audius following a cyberattack over the weekend. Several services offered by the platform have been halted minutes after the intrusion, according to Audius, which noted that a vulnerability in its contract initialization code had been exploited by attackers to facilitate the transfer of 18.5 million TOKENS to their wallet. One of the four attempted governance proposals passed and enabled the transfer of the whole Audius community pool to their wallet. Stolen tokens were then traded for only 1/6 of their value over at Uniswap, said Audius, which has already restored the AUDIO token but not the "Staking" and "Delegate Manager" smart contract systems. Audius also noted that the vulnerability had not been identified after two audits of its contract system in August 2020 and October 2021. "Audits are not bulletproof, and time spent in the market (and the resulting Lindy effect) can help build confidence but does not rule out opportunities for exploitation," said Audius.