Proposals in crypto assist communities make consensus based decisions. For Auduis however, the passing of a malicious governance proposal resulted in the transfer of tokens worth $6.1 million, with the hacker making away with $1 million.
A malicious proposal, requesting the transfer of 18 million Audius’ in-house AUDIO tokens was approved by community voting. First pointed out on Crypto Twitter by spreekaway, the attacker created the malicious proposal wherein they were “able to call initialize and set himself as the sole guardian of the governance contract.”
Further investigation from Auduis confirmed the unauthorized transfer of AUDIO tokens from the company’s treasury. Following the revelation, Auduis proactively halted all Audius smart contracts and AUDIO tokens on the Ethereum blockchain to avoid further losses. The company, however, resumed token transfers shortly after, adding that the “Remaining smart contract functionality is being unpaused after thorough examination of the vulnerability.
While the hacker’s governance proposal drained out 18 million tokens worth nearly $6 million from the treasury, it was soon dumped and sold for $1.08 million. While the dumping resulted in maximum slippage, investors recommended an immediate buyback to prevent existing investors from dumping and further lowering the token’s floor price.
