Decentralised music platform Audius has confirmed that an ‘unauthorised transfer’ of its utility token AUDIO from its community treasury took place on July 23rd.
According to crypto tracking and compliance platform MistTrack_io, the scammers took approximately 18.5 million AUDIO tokens, which they then transferred into 705 ETH (or just under $1.1 million- one-sixth of the real value of 18.5 million AUDIO tokens) via Uniswap. After converting the stolen assets into ETH, the scammers then eluded captivity by transferring them to another account via the private transaction protocol Tornado Cash.
As per the incident’s post-mortem report, the theft happened because “the Audius governance, staking, and delegation contracts on the Ethereum Mainnet were compromised due to a bug in the contract initialization code that allowed repeated invocations of the initialise functions”.
In wake of the attack, the Audius team has patched the vulnerabilities which were responsible for its occurrence, however, in the meantime, many features such as token transfer and balance display have not been activated because of concerns about risks.