Audius is a Solana-based Web3 music streaming platform similar to SoundCloud, which touts a more direct relationship between musicians and fans by running ownership/payment through the AUDIO token. Audius also offers staking for their token, advertising it as protecting and powering their network. This week, that statement feels a bit misleading, as the Audius community treasury has been hacked.
The attacker called the "initialize" function in the Audius governance contract to modify configurations (through re-initialization) such as "voting period," "execution delay," and "guardian address." The attacker then created and passed a governance proposal, which transferred 18.5M AUDIO tokens from the community treasury. This accounts for 2.5% of the total token supply.
These tokens were worth roughly $6M at the time of the hacking, and the attackers have since been able to offload these tokens on Uniswap and trade them for ETH, though not particularly effectively. Due to the speed at which the attackers were trying to offload the tokens, they lost some $4.9M of value due to high slippage, meaning they walked away from the attack with only $1.1M in ETH.
AUDIO saw a double-digit percent crash following news of the hack, but has been reclaiming ground since then. The team announced that they have patched the issue and all functionality is back to normal.
Personally, I’ve used Audius as my go to example of a company using blockchain technology effectively when people ask what killer crypto apps may be. There are many issues with Web2 audio streaming competitors, though largely the problem is that the middle men in the system take so much of the profits from artists that up and coming individuals can’t make a living off it. From my exposure to the Audius team, they’ve been skilled professionals and the platform is well regarded by artists and fans.