Audit log

Every state-changing event for Audius: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-05-28 17:24:55Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 422,765,142

   sig

   2NmVWgHCPq5R…9CCBxbBXcopyexplorer ↗

   hash

   Aj422cok6T2v…ERC3qnCmcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (6302 B) ▸

   {"actor":"system:backfill","investigation_id":"783e4b94-9c36-46a8-b071-ef7fc56191b5","kind":"publish","page_slug":"audius","published_at":"2026-05-28T17:24:55.777Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Audius","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cryptoslate.com/attackers-stole-6-million-from-audius-by-exploiting-a-bug-in-the-contract/","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/hacker-drains-1-08m-from-audius-following-passing-of-malicious-proposal","type":"other","url":""},{"credibility":3,"name":"https://losslessdefi.medium.com/audius-hack-code-enabled-governance-attack-33ac9d8084c8","type":"other","url":""},{"credibility":3,"name":"https://www.bankinfosecurity.com/thief-steals-6m-tokens-from-audius-sells-them-for-1m-a-19639","type":"other","url":""},{"credibility":3,"name":"https://www.bitdefender.com/en-us/blog/hotforsecurity/hacker-exploits-bug-at-decentralized-music-platform-audius-steals-6-million-worth-of-tokens","type":"other","url":""},{"credibility":3,"name":"https://dailycoin.com/music-platform-audius-audio-hacked-for-6m-via-proposal-exploit/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cryptonews.net/news/security/9578753/","type":"other","url":""},{"credibility":3,"name":"https://losslessdefi.medium.com/audius-hack-code-enabled-governance-attack-33ac9d8084c8","type":"other","url":""},{"credibility":3,"name":"https://github.com/nukanoto/audius-exploit","type":"other","url":""},{"credibility":3,"name":"https://hashdex.com/en-US/insights/three-lessons-from-the-audius-hack","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://coinmarketcap.com/currencies/audius/","type":"other","url":""},{"credibility":3,"name":"https://www.coingecko.com/en/coins/audius","type":"other","url":""},{"credibility":3,"name":"https://www.cnbc.com/2021/08/17/audius-lands-tiktok-partnership-and-its-token-audio-market-cap-surged.html","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.rollingstone.com/pro/news/audius-blockchain-nft-crypto-streaming-platform-1226559/","type":"other","url":""},{"credibility":3,"name":"https://www.crunchbase.com/organization/audius","type":"other","url":""},{"credibility":3,"name":"https://forkast.news/what-is-audius-could-it-be-the-next-spotify/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.cnbc.com/2021/08/17/audius-lands-tiktok-partnership-and-its-token-audio-market-cap-surged.html","type":"other","url":""},{"credibility":3,"name":"https://www.rollingstone.com/pro/news/tiktok-sounds-streaming-crypto-blockchain-nfts-audius-1211699/","type":"other","url":""},{"credibility":3,"name":"https://routenote.com/blog/audius-tops-7-5-million-users-after-acquiring-soundstage-fm/","type":"other","url":""},{"credibility":3,"name":"https://x.com/audius/status/1968485999933034944","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://home.treasury.gov/news/press-releases/jy0916","type":"other","url":""},{"credibility":3,"name":"https://www.justice.gov/usao-sdny/pr/tornado-cash-founders-charged-money-laundering-and-sanctions-violations","type":"other","url":""},{"credibility":3,"name":"https://cryptoslate.com/attackers-stole-6-million-from-audius-by-exploiting-a-bug-in-the-contract/","type":"other","url":""}]}],"sources_used":[],"summary":"Audius is a decentralized music streaming protocol and its native AUDIO token, launched in 2020 on Ethereum and subsequently migrated to Solana. On July 23, 2022, an attacker exploited a critical re-initialization vulnerability in Audius governance smart contracts, draining 18.56 million AUDIO tokens (valued at approximately $6 million at the time) from the community treasury before swapping them for approximately $1.08 million in ETH via Uniswap and routing funds through Tornado Cash. The platform has continued to operate since the exploit, deploying patched contracts and expanding user and artist partnerships, but the AUDIO token has declined approximately 99.6% from its all-time high and the exploit raised serious questions about audit quality.","timeline":[{"date":"2018-01-01","event":"Audius founded by Roneil Rumburg, Forrest Browning, and Ranidu Lankage; raises $5.5M Series A from General Catalyst.","source":""},{"date":"2019-08-01","event":"Audius testnet launched; independent node operators begin supporting the network.","source":""},{"date":"2020-09-01","event":"Audius mainnet launches alongside the AUDIO token; platform reports over 500,000 monthly active users.","source":""},{"date":"2020-10-01","event":"Governance, staking, and delegation smart contracts deployed on Ethereum mainnet; audited by OpenZeppelin.","source":""},{"date":"2021-08-17","event":"Audius announces partnership with TikTok as its first music streaming integration; AUDIO token surges over 90%.","source":""},{"date":"2021-10-01","event":"Kudelski Security audits Audius smart contracts; re-initialization vulnerability goes undetected.","source":""},{"date":"2022-07-23","event":"Governance exploit: attacker exploits storage collision bug, passes malicious governance proposal, drains 18,564,497 AUDIO (~$6M) from community treasury. Proceeds (~$1.08M ETH) swapped on Uniswap and laundered via Tornado Cash. Audius team deploys fix within 87 minutes.","source":""},{"date":"2022-08-08","event":"U.S. Treasury OFAC sanctions Tornado Cash, the mixer used by the Audius attacker to launder stolen proceeds.","source":""},{"date":"2022-01-01","event":"Audius acquires virtual concert platform SoundStage.fm; platform tops 7.5 million monthly users.","source":""},{"date":"2023-08-23","event":"Tornado Cash co-founders charged by U.S. DOJ with money laundering and sanctions violations.","source":""},{"date":"2026-05-01","event":"AUDIO trading at approximately $0.019, approximately 99.6% below all-time high. Audius warns users of phishing airdrop campaign impersonating the platform.","source":""}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 6f296fb8-87f5-480c-a456-24c38e12b494copy
2. #2reviewby reviewerreviewer

   2026-06-14 23:15:51Z
   Score: 32 → 32 (no score change)
   Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. Audius is a legitimate decentralized music protocol founded by credentialed Stanford CS alumni, backed by General Catalyst, Lightspeed, Kleiner Perkins, and Pantera Capital, and currently operating in 2026 under the Open Audio Protocol brand. The sole major incident — the July 23, 2022 treasury exploit — was perpetrated by an external attacker who exploited a storage-collision re-initialization vulnerability in governance contracts; the team patched the vulnerability within 87 minutes. Two independent audits (OpenZeppelin, Kudelski) missed the specific bug, which is a known limitation of smart-contract auditing and does not constitute fraud or gross negligence. No SEC actions, no fraud convictions, no exit-scam mechanics, and no Ponzi indicators exist. The current WARNING band (20-49) is reserved for elevated fraud/loss risk or unresolved severe incidents; a single resolved third-party exploit on an otherwise operating, funded, legitimate protocol belongs in CAUTIONARY (50-69), which covers legitimate entities with material caveats. Residual caveats include the unresolved piracy/copyright concerns raised by the NMPA, the severe token value decline, and the historical audit failure — these justify a mid-CAUTIONARY score of 58 rather than a higher VERIFIED score.
   anchoranchored

   chain

   ●mainnet-betaslot 426,514,348

   sig

   279cwZrrNBue…i3gEnvsDcopyexplorer ↗

   hash

   AZWxucwhsd74…VcUkD877copysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1765 B) ▸

   {"actor":"reviewer","decided_at":"2026-06-14T23:15:51.875Z","decision":"review","investigation_id":"783e4b94-9c36-46a8-b071-ef7fc56191b5","new_score":32,"page_slug":"audius","prev_score":32,"reason":"Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. Audius is a legitimate decentralized music protocol founded by credentialed Stanford CS alumni, backed by General Catalyst, Lightspeed, Kleiner Perkins, and Pantera Capital, and currently operating in 2026 under the Open Audio Protocol brand. The sole major incident — the July 23, 2022 treasury exploit — was perpetrated by an external attacker who exploited a storage-collision re-initialization vulnerability in governance contracts; the team patched the vulnerability within 87 minutes. Two independent audits (OpenZeppelin, Kudelski) missed the specific bug, which is a known limitation of smart-contract auditing and does not constitute fraud or gross negligence. No SEC actions, no fraud convictions, no exit-scam mechanics, and no Ponzi indicators exist. The current WARNING band (20-49) is reserved for elevated fraud/loss risk or unresolved severe incidents; a single resolved third-party exploit on an otherwise operating, funded, legitimate protocol belongs in CAUTIONARY (50-69), which covers legitimate entities with material caveats. Residual caveats include the unresolved piracy/copyright concerns raised by the NMPA, the severe token value decline, and the historical audit failure — these justify a mid-CAUTIONARY score of 58 rather than a higher VERIFIED score.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 90e49ece-e277-4ff5-a9dd-84c9cedbb206copy
3. #3review approveby judgejudge

   2026-06-14 23:15:51Z
   Score: 32 → 58 (+26)
   All six claim_findings were independently supported with no disputed claims (disputed_pct = 0%). The calibration review establishes that Audius is a legitimate, still-operating decentralized music protocol backed by top-tier institutional investors, with no fraud, no SEC action, and no exit-scam indicators. The sole material incident — the July 23, 2022 treasury exploit (claim_findings[0] and [1]) — was perpetrated by an external attacker exploiting a storage-collision bug; the team patched the vulnerability within 87 minutes. Placing a hack victim with rapid incident response in the WARNING band (20–49), which is reserved for elevated fraud risk or unresolved severe incidents, is a mis-band under the platform's own band semantics. Residual caveats (unresolved NMPA copyright concerns, severe token price decline, and two audits that missed the specific vulnerability) support a mid-CAUTIONARY score of 58 rather than a higher VERIFIED rating, but do not warrant the current WARNING band. The page content is accurate and must remain published; the score delta of +26 moves the score from 32 to the reviewer-recommended 58 (CAUTIONARY).
   anchoranchored

   chain

   ●mainnet-betaslot 426,514,352

   sig

   57FeczcKMTwX…1pvdhgd8copyexplorer ↗

   hash

   68FGkBHqLaAi…4kcETaA7copysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1494 B) ▸

   {"actor":"judge","decided_at":"2026-06-14T23:15:51.875Z","decision":"review_approve","investigation_id":"783e4b94-9c36-46a8-b071-ef7fc56191b5","new_score":58,"page_slug":"audius","prev_score":32,"reason":"All six claim_findings were independently supported with no disputed claims (disputed_pct = 0%). The calibration review establishes that Audius is a legitimate, still-operating decentralized music protocol backed by top-tier institutional investors, with no fraud, no SEC action, and no exit-scam indicators. The sole material incident — the July 23, 2022 treasury exploit (claim_findings[0] and [1]) — was perpetrated by an external attacker exploiting a storage-collision bug; the team patched the vulnerability within 87 minutes. Placing a hack victim with rapid incident response in the WARNING band (20–49), which is reserved for elevated fraud risk or unresolved severe incidents, is a mis-band under the platform's own band semantics. Residual caveats (unresolved NMPA copyright concerns, severe token price decline, and two audits that missed the specific vulnerability) support a mid-CAUTIONARY score of 58 rather than a higher VERIFIED rating, but do not warrant the current WARNING band. The page content is accurate and must remain published; the score delta of +26 moves the score from 32 to the reviewer-recommended 58 (CAUTIONARY).","score_delta":26,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision b50ebc02-6765-4fad-9c24-90a0cb193bc4copy