Proposals in crypto communities help make decisions based on consensus. However, for the decentralized music platform Audius, the acceptance of a malicious governance proposal resulted in a transfer of $5.9 million worth of tokens, with the hacker taking $1 million.
On July 24, a malicious proposal (Proposal No. 85) requesting the transfer of 18 million native Audius AUDIO tokens was approved by a community vote. The incident was first highlighted on Crypto Twitter by @spreekaway: the attacker created a malicious proposal in which they “could call initialize() and designate themselves as the sole custodian of the management contract”.
Hello everyone – our team is aware of reports of unauthorized transfer of AUDIO tokens from the community treasury. We are actively investigating and will report as soon as we know more.
If you would like to help our response team, please contact us.
— Audio (@AudioProject) July 24, 2022
Further investigation by Audius confirmed the unauthorized transfer of AUDIO tokens from the company’s treasury. After the discovery, Audius proactively halted all Audius smart contracts and AUDIO tokens on the Ethereum blockchain.
Blockchain researcher PeckShield has narrowed the fault down to inconsistencies in Audius' storage layout.
Question about @audioproject lies in the inconsistent storage scheme between its proxy and impl. In particular, the Audius Community Treasury contract collision results in the equivalence of disabling the initializer modifier. The proxyAdmin address (0x..abac) plays a role here. pic.twitter.com/x4CqRncahp
— Peck Shield Inc. (@peckshield) July 24, 2022
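The collision described above can be modelled offline. The following is an added example, not code from Audius or PeckShield: it assumes the proxy keeps `proxyAdmin` in storage slot 0, that the implementation packs two boolean flags (`initialized`, `initializing`) into the low bytes of the same slot as older OpenZeppelin-style `Initializable` contracts do, and that the guard is `initializing || !initialized`. The address is constructed; only its trailing bytes `abac` come from the tweet.

```python
# Added illustration: proxy and implementation disagree about what lives in slot 0.
# Assumed layouts and guard are hypothetical stand-ins, not Audius' actual source.
SLOT_BYTES = 32

# Constructed address: only the trailing bytes "abac" appear in the article.
CONSTRUCTED_PROXY_ADMIN = bytes.fromhex("11" * 18 + "abac")

# (variable name, slot, byte offset from the low-order end, size in bytes)
PROXY_LAYOUT = [("proxyAdmin", 0, 0, 20)]
IMPL_LAYOUT = [("initialized", 0, 0, 1), ("initializing", 0, 1, 1)]

def write_slot(value: bytes) -> bytes:
    """Right-align a value in a 32-byte slot, as the EVM stores addresses and ints."""
    return value.rjust(SLOT_BYTES, b"\x00")

def read_packed(slot: bytes, offset: int, size: int) -> int:
    """Read a packed variable; offset counts from the rightmost (low-order) byte."""
    end = SLOT_BYTES - offset
    return int.from_bytes(slot[end - size:end], "big")

def initializer_allows(slot0: bytes) -> bool:
    """Evaluate the assumed guard through the implementation's view of slot 0.
    The constructor-time exception is omitted: the contract is already deployed."""
    initialized = read_packed(slot0, 0, 1) != 0
    initializing = read_packed(slot0, 1, 1) != 0
    return initializing or not initialized

def find_collisions(layout_a, layout_b):
    """Defensive check: list variable pairs whose byte ranges overlap in one slot."""
    hits = []
    for name_a, slot_a, off_a, size_a in layout_a:
        for name_b, slot_b, off_b, size_b in layout_b:
            if slot_a == slot_b and off_a < off_b + size_b and off_b < off_a + size_a:
                hits.append((name_a, name_b))
    return hits

def demo():
    """Guard result for a correctly initialized slot vs. one holding the address."""
    clean = write_slot(b"\x01")                     # initialized=1, initializing=0
    collided = write_slot(CONSTRUCTED_PROXY_ADMIN)  # proxy's address occupies slot 0
    return initializer_allows(clean), initializer_allows(collided)

if __name__ == "__main__":
    print("guard passes (clean, collided):", demo())
    print("overlapping variables:", find_collisions(PROXY_LAYOUT, IMPL_LAYOUT))
```

Running a layout comparison like `find_collisions` over the compiler's storage-layout output for a proxy and each implementation version, before every upgrade, surfaces this class of overlap.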
While the hacker’s governance proposal drained the treasury of 18 million tokens worth almost $6 million, the tokens were soon dumped and sold for $1.08 million. While the dumping resulted in maximum slippage, investors recommended an immediate buyback to prevent existing investors from dumping and lowering the token floor price further.
Investors have yet to get clarity on the stolen funds, as one investor asked, “They hacked into the community fund, right? The team fund is separate, right?”
While the post-mortem report is being prepared, Audius has yet to respond to Cryptooshala’s request for comment.
Yuga Labs Warns of ‘Persistent Threat Group’ Targeting NFT Holders
Bored Ape Yacht Club (BAYC) creator Yuga Labs has issued a second warning about an expected “coordinated attack” on its social media accounts.
Our security team is monitoring a group of persistent threats targeting the NFT community. We believe they may soon launch a coordinated attack targeting multiple communities through compromised social media accounts. Please be vigilant and stay safe.
— Yuga Labs (@yugalabs) July 18, 2022
In June, Gordon Goner, the pseudonymous co-founder of Yuga Labs, posted the first warning of a possible inbound attack on his Twitter social media accounts. Shortly after the warning, Twitter officials actively monitored the accounts and increased their existing security.
Credit : cointelegraph.com