Uneven storage structure causes decentralized music platform Audius to lose millions of its tokens.
On July 24, Audius, a decentralized music streaming platform established in 2018, reported unauthorized transfer from the “community treasury”.
Did you know?
Want to get smarter & wealthier with crypto?
Subscribe - We publish new crypto explainer videos every week!
What is a Cryptocurrency: For Beginners (Animated Explainer)
The robbery happened after the hacker modified smart contracts and became a contract custodian. Having this authorization, the robber was able to formulate a malicious government proposal (Proposal #85), which allowed to make the transfer of 18 million original AUDIUS tokens.
Further investigation revealed that the hacker stole $6 million worth of tokens, which later were dumped and sold for $1.08 million on Uniswap. The price was lowered due to slippage that the hacker caused.
Some investors were keen to suggest immediate buyback to prevent an even bigger drop in price.
On that day, Audius temporarily stopped all smart contracts and transfers of Audius tokens to assure that no further losses were acquired.
According to the investigation delivered by PeckShield Inc., the problem of how the hacker managed to become a contract custodian lies in uneven storage structure in proxy and impl.
PeckShield used Twitter to offer help for Audius replying to their initial tweet about the hack.
After a while, Audius took to Twitter to announce that the issues found in the system have been successfully resolved.
All remaining funds are safe and fixes have been deployed. At this point, all remaining smart contract components have been updated and unpaused except staking & delegation. We expect to have these online within the next couple of days after changes have been reviewed.”