Blockchain-based audio streaming platform Audius has learned the hard way that hackers can steal community funds, despite being online for two years and having passed their security audits long ago. While users and AUDIO token holders are unaffected, this attack reminds the industry that even a well-audited project that has been live for years can still possess a sneaky vulnerability that's waiting to be discovered and exploited by a clever hacker.
Audius is a Web3 internet and blockchain music streaming platform with social media elements. It uses blockchain as part of its design to secure users' ownership rights over their content, and is one of the largest non-financial blockchain applications in the industry. Many parts of Audius are built on the Solana blockchain, and due to Solana's sub-penny transaction fees, Audius artists can tokenize their work for free by minting their content as NFTs. While Audius is still in development and will be for years, artists will eventually be able to set streaming fees for their work, and the platform promises to provide better income than Web2 competitors like Spotify and Soundcloud. When this feature is rolled out, creators will be paid in AUDIO, a cryptocurrency built on the Ethereum blockchain that is currently used for governance by the community DAO. The DAO votes on withdrawals from the treasury and upgrades to the functionality of the platform, a feature the hacker took advantage of.
Related: Bored Ape Instagram Hack & NFT Theft: What You Need To Know
According to Music Business Worldwide, on July 24, an attacker exploited a vulnerability in Audius' community governance smart contract (a blockchain program), which allowed them to "delegate" 10 trillion AUDIO tokens without
Read more on screenrant.com