The decentralized music streaming platform Audius was hacked over the weekend, with threat actors stealing over 18 million AUDIO tokens worth approximately $6 million.

After a hacker stole $6 million worth of AUDIO tokens this weekend, the platform responded within minutes by freezing several services until the developers could deploy fixes to prevent further theft of tokens.

According to a post-mortem report published by Audius on Sunday, the hacker exploited a bug in the contract initialization code that allowed them to perform repeated invocations of the initialize functions.

This enabled the intruder to transfer 18.5 million AUDIO tokens held by the so-called “community treasury” to their wallet, essentially stealing a significant amount of money and changing the platform’s governance dynamics.

Chinese Hackers Breach Over 20,000 FortiGate Systems Worldwide in Extensive Cyber Espionage Campaign