Blockchain music streaming platform Audius lost over $6M to hackers

Blockchain Music Streaming Audius Hacked Vulnerability Exploit

Audius, a decentralised music streaming platform that caters to their clients by giving out $AUDIO rewards, had reported a cyberattack incident that allowed hackers to steal more than 18 million tokens from them, which approximately sums to $6 million.

Hosted on the Ethereum blockchain, the decentralised music streaming site aids musicians in earning $AUDIO tokens when they share their music, while listeners can also earn tokens by engaging with the artists’ content.

 

Upon learning of the hack, the music streaming site paused several of its services until its internal security teams had mitigated the problem.

 

Based on the initial findings, the threat actors had abused a flaw in Audius’ contract initialisation code, which they utilised in launching repeated invocations of the initialise functions. The vulnerability allowed the hackers to steal about 18.5 million $AUDIO tokens and transfer them to their blockchain wallet.

The experts highlighted that the threat actors had not only robbed millions of assets from the music streaming platform but also had changed their governance dynamics.

The conclusion report from the investigation infers that no new tokens were minted and that the issue had not affected the entire $AUDIO token supply circulation. Audius also assured their customers that their funds were secured.

Some of the platform’s services, such as the ‘Staking’ and ‘Delegate Manager,’ have yet to be operational. However, the rest of Audius’ functionalities were resumed after the investigation and incident mitigation.

Further research on the incident shows that the contract system of the music streaming site had been assessed and audited twice in August 2020 and October 2021. However, neither of the assessments had discovered the vulnerability that caused the cyberattack issue.

As explained by the platform’s representative, audits do not exempt any entity from a possible security compromise. The firm had considered the incident a lesson that internal audits and assessments do not rule out potential attacks, and they must strengthen their security and incident response moving forward.

About the author

Leave a Reply