July 27, 2022

$6 million stolen from blockchain music platform Audius

The popular music platform Audius was breached over the weekend, with hackers stealing over 18 million AUDIO tokens worth nearly $6 million.

Audius is a decentralized streaming platform hosted on the Ethereum blockchain where artists can earn AUDIO tokens by sharing their music, and users can earn tokens by curating and listening to content.

After threat actors stole $6 million worth of AUDIO tokens this weekend, the platform responded within minutes by freezing several services until the developers could deploy fixes to prevent further theft of tokens.

According to a post-mortem report published by Audius on July 24, miscreants exploited a bug in the contract initialization code that allowed them to perform repeated invocations of the initialize functions.

This enabled the intruder to transfer 18.5 million AUDIO tokens held by the so-called “community treasury” to their wallet, essentially stealing a significant amount of money and changing the platform's governance dynamics. The attacker then traded their tokens on Uniswap for only $1.07 million, losing 5/6 of their value, and passed them through the Tornado Cash mixing service to hide the trail of the stolen funds.
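The bug class named in the post-mortem, an initialize function that can be invoked more than once, is shown here beside a guarded version with a regression check. This is an added example, not Audius code; every contract, function and address in it is hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration only: all contract and function names are hypothetical.

// Unsafe: nothing stops a second initialize() call from replacing the owner.
contract UnguardedTreasury {
    address public owner;

    function initialize(address newOwner) external {
        owner = newOwner;
    }
}

// Hardened: a one-shot flag makes every call after the first revert.
// Behind an upgradeable proxy the flag lives in proxy storage, so its slot
// must not be shared with any other variable.
contract GuardedTreasury {
    address public owner;
    bool private initialized;

    function initialize(address newOwner) external {
        require(!initialized, "already initialized");
        require(newOwner != address(0), "owner is zero address");
        initialized = true;
        owner = newOwner;
    }
}

// Regression check: call initialize() twice and report what happened.
contract ReinitCheck {
    address private constant SECOND_OWNER = address(0xBEEF); // constructed value

    function unguardedIsOverwritten() external returns (bool) {
        UnguardedTreasury t = new UnguardedTreasury();
        t.initialize(address(this));
        t.initialize(SECOND_OWNER); // accepted a second time
        return t.owner() == SECOND_OWNER; // compares owner with the later caller's choice
    }

    function guardedRejectsSecondCall() external returns (bool) {
        GuardedTreasury t = new GuardedTreasury();
        t.initialize(address(this));
        try t.initialize(SECOND_OWNER) {
            return false; // second call went through: the guard is broken
        } catch {
            return t.owner() == address(this); // reverted and owner unchanged
        }
    }
}
```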

At the same time, the notorious ransomware group Lockbit hacked the Italian Revenue Agency and added the government agency to the list of victims reported on its Dark Web leak site.