The incident temporarily suspended network operations just a month after a similar breach, costing the project $11 million.
AI blockchain project Bittensor has disclosed details of a recent security breach that resulted in a loss of at least $8 million in its native token, TAO. The incident led to a temporary suspension of network operations, coming just a month after a previous breach cost the project $11 million.
Now, Bittensor has released a detailed report outlining the nature and cause of the latest exploit.
Root Cause of Bittensor’s Wallet Hack
The report identifies the root cause of the attack as a malicious package in the PyPi Package Manager version 6.12.2. The compromised package contained code designed to steal unencrypted coldkey details.
When users downloaded this package and decrypted their coldkeys, the decrypted bytecode was transmitted to a remote server controlled by the attacker. This vulnerability primarily affected users who downloaded the Bittensor PyPi package between May 22 and May 29 and performed any operations involving the decryption of hotkeys or coldkeys.
The attack timeline shows that the attacker initiated fund transfers to their wallet, which was quickly detected by the Opentensor Foundation (OTF). A response team, dubbed a “war room,” was established to handle the situation.
The attack was neutralized by placing the Opentensor chain validators behind a firewall and activating safe mode, which halted all transactions and allowed for a detailed analysis of the breach.
Security Actions and Immediate Measures
In response to the attack, the OTF team took immediate steps to mitigate the damage. This included removing the malicious 6.12.2 package from the PyPi Package Manager repository.
Furthermore, Bittensor has cooperated with several cryptocurrency exchanges to share details of the attack, in an effort to track down the attacker and attempt to recover the stolen funds.
To enhance security and prevent future incidents, Bittensor is implementing several measures. These include stricter access and verification processes for packages uploaded to PyPi, increasing the frequency of security audits, following best practices in public security policies, and improving monitoring and logging of package uploads and downloads.
Additionally, the Bittensor team advises users to upgrade to the latest version of Bittensor to create new wallets and transfer funds once the blockchain resumes normal operations.
Resumption of Operations and Further Investigations
With the code review process nearing completion, Opentensor plans to gradually resume normal operations of the Bittensor blockchain. This phased approach will ensure that all security vulnerabilities have been addressed before allowing transactions to flow again.
The Bittensor team remains engaged in further investigations into the breach with the PyPi maintainers and is committed to implementing additional security enhancements to prevent future incidents.
At the time of writing, TAO is trading at $201, showing a decline of over 10% in the past 24 hours, according to CoinMarketCap data. Despite this recent downturn, the token has achieved significant gains of more than 386% year-to-date.
The above is the detailed content of Bittensor Discloses Details of a Security Breach That Resulted in a Loss of $8M Worth of TAO Tokens. For more information, please follow other related articles on the PHP Chinese website!