tl;dr
Bittensor, an AI-focused project, suspended its network operations due to wallet hacks resulting in a loss of at least $8 million worth of TAO, its native token. The team released a detailed report attributing the attacks to a malicious package uploaded to the PyPi Package Manager version 6.12.2. Im...
Bittensor, an AI-focused project, has suspended its network operations due to wallet hacks resulting in a loss of at least $8 million worth of TAO, its native token. The team released a detailed report attributing the attacks to a malicious package uploaded to the PyPi Package Manager version 6.12.2. Immediate mitigation steps were taken, and the team is collaborating with exchanges to trace the attacker and potentially recover funds. They plan to gradually resume normal operations, advising users to create new wallets and transfer funds once the blockchain is operational. Bittensor also plans to enhance security measures and investigate the breach with PyPi maintainers. The project's native token, TAO, has experienced a significant price downtrend.
According to the report, the decision was made to place the Opentensor Chain Validators behind a firewall and activate safe mode on Subtensor at 7:41 PM UTC on Wednesday due to the attack that affected multiple participants in the Bittensor community. The attack timeline indicates that the attacker initiated fund transfers from wallets to their wallet, which was detected by the Opentensor Foundation (OTF). A “war room” was reportedly established to respond to the abnormality in transfer volume. Eventually, the attack was neutralized by placing the Opentensor chain validators behind a firewall and activating safe mode. This action halted all transactions, allowing for a comprehensive situational analysis of the attack.
The root cause of the attack was traced back to the PyPi Package Manager version 6.12.2, where a malicious package was uploaded, compromising user security. This malicious package, disguised as a legitimate Bittensor file, contained code to steal unencrypted coldkey details. When users downloaded the package and decrypted their coldkeys, the decrypted bytecode was sent to a remote server controlled by the attacker. The vulnerability is believed to have affected individuals who used Bittensor 6.12.2 and performed operations involving the decryption of hotkeys or coldkeys. Additionally, those who downloaded the Bittensor PyPi package between May 22, 7:14 PM UTC, and May 29, 6:47 PM UTC, and performed any relevant operations were also likely impacted.
Immediate mitigation steps were taken by the OTF team, including removing the malicious 6.12.2 package from the PyPi Package Manager repository. So far, no other vulnerabilities have been identified, but a comprehensive assessment of all potential attack vectors is ongoing. The Bittensor team has collaborated with several exchanges to provide attack details, trace the attacker, and potentially recover funds. As the code review nears completion, Opentensor plans to gradually resume normal operations of the Bittensor blockchain, allowing transactions to flow again. The team emphasizes taking precautions, such as creating new wallets and transferring funds once the blockchain is operational. Upgrading to the latest version of Bittensor is strongly advised to enhance security measures.
Bittensor plans to investigate the breach with the PyPi maintainers and implement enhancements to prevent future incidents. These enhancements include stricter access and verification processes for packages uploaded to PyPi, increased frequency of security audits, implementation of best practices in public security policies, and heightened monitoring and logging of package uploads and downloads. At the time of writing, the project’s native token TAO is trading at $224, down over 42% in the last 30 days alone. However, the token still has significant gains of over 386% year-to-date.