BleepingComputer reports that nearly $6 million worth of tokens have been stolen from decentralized music streaming platform Audius following a cyberattack over the weekend.
Several services offered by the platform were halted minutes after the intrusion, according to Audius, which noted that attackers had exploited a vulnerability in its contract initialization code to transfer 18.5 million tokens to their wallet.
One of the attackers' four attempted governance proposals passed, enabling the transfer of the entire Audius community pool to their wallet.
The stolen tokens were then traded for only 1/6 of their value on Uniswap, said Audius, which has already restored the AUDIO token but not the "Staking" and "Delegate Manager" smart contract systems. Audius also noted that the vulnerability had not been identified in two audits of its contract system, in August 2020 and October 2021.
"Audits are not bulletproof, and time spent in the market (and the resulting Lindy effect) can help build confidence but does not rule out opportunities for exploitation," said Audius.
BleepingComputer reports that the Cybersecurity and Infrastructure Security Agency has updated its Known Exploited Vulnerabilities Catalog to include the high-severity Windows Support Diagnostic Tool zero-day and UnRAR utility vulnerabilities following active exploitation in the wild.
TechCrunch reports that data protection software provider Spin Technology has landed $16 million in a Series A funding round, which will be allocated toward further expansion as it aims to strengthen the defenses of software-as-a-service apps against cyberattacks.