Bittensor Post Mortem reveals $8 Million Exploit caused by Malicious Package Upload
Decentralized artificial intelligence (AI) network Bittensor announced that the recent exploit of $8 million worth of Bittensor (TAO) was traced to a malicious package on PyPi Package Manager version 6.12.2, which disguised itself as a legitimate Bittensor package and stole unencrypted coldkey details, according to a medium post.
The Bittensor team has removed the malicious package from the PyPi Package Manager repository. As of now, no additional vulnerabilities have been identified, the post said.
The Opentensor Foundation (OTF), the group behind the decentralized artificial intelligence (AI) network Bittensor, announced via a medium post that it has identified the cause of the $8 million security exploit on Bittensor wallets.
According to the post-mortem report, the Bittensor team, after investigation, stated that the attack that led to the loss of about $8 million worth of the project’s TAO tokens from one wallet is attributed to a malicious package upload.
In the post addressing the Bittensor Community, TAO Holders, and Contributors, it stated that “Due to an attack that impacted several members of the Bittensor community, we decided to put the Opentensor Chain Validators behind a firewall and put Subtensor in safe mode yesterday at 7:41 PM UTC. Our team has been working nonstop for the last 24 hours to identify, prioritize, and resolve this problem.”
Opentensor Foundation (OTF) further stated a detailed assessment of the attack, mitigations, and actions the company has taken to make things right and prevent this from happening again.
According to the foundation, the attack started on July 2 at 7:06 p.m. UTC, with the attacker sending funds from the wallets and transferring them to their own wallet. At 7:25 p.m., OTF noticed an "abnormality in transfer volume." The attack was neutralized at 7:41 p.m. after the network validators were put behind a firewall and safe mode turned on to stop any nodes from connecting to the Opentensor chain. This halted all transactions and enabled the team to conduct a thorough investigation of the attack.
The attack was discovered to be caused by a malicious package that was uploaded to PyPi Package Manager version 6.12.2, compromising user security. The malicious package was made to look like a genuine Bittensor package and included code that was intended to steal unencrypted, cold-key information, the medium post added. After users downloaded this package and decrypted their cold keys, the attacker sent the decrypted bytecode to a remote server, the post said.
Anyone who downloaded the Bittensor PyPi package version 6.12.2 between May 22 (7:14 PM UTC) and May 29 (6:47 PM UTC) and did an operation that included staking (add or remove), wallet transfer, or voting power delegation was likely to be affected by the vulnerability, according to the OTF.
Furthermore, according to the team analysis, participants were not likely to be affected if they did not carry out any of the aforementioned tasks while delegating stakes, used a third-party application, or did not transfer stored funds within the period of the attack. The underlying Bittensor protocol is still secure and uncompromised, and this attack had no effect whatsoever on the Subtensor code or the blockchain, the post added.
Immediate Mitigation steps taken by Bittensor and Tracing the Attacker
The malicious 6.12.2 package was taken down from the PyPi Package Manager repository by the OTF team.
OTF has been going through the Subtensor and Bittensor code on Github with a fine-toothed comb to make sure there aren't any more vulnerabilities. As of yet, no additional vulnerabilities have been found. “We have not stopped going over and evaluating the code base in detail, and we are currently working on a 360-degree evaluation of all possible attack vectors,” it added.
In the post, OTF said it has been working with a number of exchanges by providing information about the attack to help track the attacker and possibly recover funds. The company appreciated the efforts of the entire Bittensor community, which has also been working tirelessly in support of this.
Following the conclusion of the code review, OTF will gradually restore regular blockchain operations on the Bittensor, enabling transaction flow once more. This is to ensure that the company takes a responsible and safe approach, even doing it with a sense of urgency, the post said.
As we restore the network's functionality over the next few days, we will keep the community informed through frequent updates so that they can plan ahead and implement security measures. The foundation in the post stated that it is recommended that users create a new wallet and transfer their funds immediately after the blockchain resumes operation. It said those who have yet to upgrade to the latest version of Bittensor should do so, as it will ensure the safety of their wallets.
The foundation further said that it would provide another update within 24 hours. In addition, OTF will be implementing enhanced package verification, security standards, increased monitoring, and outside audit frequency as it continues to work with the PyPi maintainers to investigate this attack and prevent such incidents in the future.
How $8 million worth of TAO stolen on Bittensor Network exposed security vulnerabilities
Due to strange activity on users' wallets, the developers of the alleged decentralized AI project were forced to temporarily halt operations at Bittensor. One wallet containing TAO tokens worth approximately $8 million was lost due to the attack.
In a Telegram update, independent security researcher ZachXBT said, "Bittensor was halted due to additional thefts earlier today, possibly as a result of private key leakage." He added that the attacker had stolen $8 million worth of TAO, or approximately 32,000 TAO tokens. This incident resulted in the value of the TAO token dropping by 15% to about $230, indicating that holders had gone into a panic
— Bittensor (@bittensorcom) July 3, 2024
The network has previously experienced similar security issues. TAO tokens valued at $11.2 million were lost when another wallet was compromised just one month prior. Notably, Bittensor lists itself as one of the top global providers of machine learning models that connect the various individual models. It is one of the largest cryptocurrency projects, with an AI focus. The incident involving Bittensor's wallets thus illustrates the increase in fraud and exploits on well-known cryptocurrency projects.
Disclaimer: This information should not be considered financial advice by any means. Please do your own research before making any investment decisions. The views in the articles are personal opinions only. Whale Insider is not responsible for any financial losses incurred.