Bittensor Identifies Malicious Package as Cause of $8 Million Drain

Bittensor, a decentralized AI network, experienced a severe security breach on July 2, which resulted in the theft of $8 million worth of TAO tokens.

The OpenTensor Foundation (OTF), the organization behind Bittensor, has taken swift action to mitigate the damage. In its July 3 postmortem report, the OTF identified a malicious package in the PyPi Package Manager as the root cause of the breach.

Bittensor Wallet Loses $8 Million in TAO Tokens Due to Malicious Package: How?

The compromised package masqueraded as a legitimate Bittensor library but contained code designed to steal unencrypted cold key details, sending the decrypted bytecode to a remote server controlled by the attacker.

Bittensor Community Update

Yesterday at 7:41 PM UTC, we took the decision to place the Opentensor Chain Validators behind a firewall and entered safe-mode on Subtensor due to an attack that affected multiple participants in the Bittensor community.

We have put together a…

— Openτensor Foundaτion (@opentensor) July 3, 2024

The attack began at 7:06 P.M. UTC, with the attacker transferring funds from compromised wallets to their own. By 7:25 P.M., OTF detected abnormal transfer volumes and initiated a “war room” to address the issue.

By 7:41 P.M., validators were placed behind a firewall, and the network entered “safe mode,” halting all transactions to prevent further damage and allowing for a detailed situational analysis.

The breach affected users who downloaded the PyPi Package Manager version 6.12.2 between May 22 and May 29 and performed specific operations such as staking, wallet transfers, or delegation.

– If you hold TAO on exchanges you are not at risk.

– If you installed Bittensor 6.12.2 from source you are not at risk.

– If you used a web wallet you are not at risk.

– If you installed Bittensor 6.12.2 from PyPy but did not run any commands you are not at risk.

– If you…

— const (@const_reborn) July 3, 2024

Following the discovery, OTF quickly removed the malicious package from the PyPi Package Manager repository and thoroughly reviewed the Subtensor and Bittensor code on GitHub. No other vulnerabilities were identified, but the team continues to assess the code base and investigate potential attack vectors.

OTF is also collaborating with several exchanges to trace the attacker and potentially recover stolen funds.

According to OTF, affected users can create new wallets and transfer funds once normal operations resume. Upgrading to the latest version of Bittensor is strongly recommended.

Additionally, OTF has pledged to provide regular updates to the community and is implementing enhanced security measures to prevent future incidents.

“In the immediate term, we are working with the PyPi maintainers to investigate this breach and prevent future such incidents,” OTF said in the report.

Bittensor To Implement Enhanced Security Measures

The security breach has impacted the Bittensor community and led to a 15% decline in TAO’s price.

Despite this, some validators reported that their delegators’ funds were secure. The community has actively supported mitigation efforts, with many participants working tirelessly alongside OTF.

In the postmortem report, OTF co-founder Ala Shaabana assured that the attack had been contained and that the team was investigating all possibilities.

“Finally, and for completeness and clarity, this attack DID NOT affect the blockchain or Subtensor code, and the underlying Bittensor protocol remains uncompromised and secure,” Shaabana said.

Bittensor has also announced implementing enhanced security measures to prevent future exploits. OTF will provide another comprehensive update within 24 hours and hold a Q&A session to address any lingering questions or concerns from the community.