- Bittensor founders provide a detailed update on the recent security breach.
- Attack traced to a malicious PyPi package compromising multiple users.
- Opentensor Foundation is reviewing code and removing vulnerabilities.
- Exchanges are involved in tracing the attacker to recover stolen funds.
- Normal operations will resume after thorough security assessments.
Following the recent security breach on the Bittensor network, the founders Jacob Steeves (Const), Ala Shaabana (ShibShib), and The Opentensor Foundation have issued a detailed community update.
The breach prompted the Foundation to place the network’s chain validators behind a firewall to protect users from further damage.
- The attack began on July 2 at 7:06 PM UTC when an attacker started transferring funds from user wallets into their own.
- By 7:25 PM UTC, OTF detected abnormal transfer volumes and initiated a war room.
- By 7:41 PM UTC, safe mode was activated to halt all transactions and analyze the situation.
Investigation and Root Cause
The attack was traced back to a malicious package in the PyPi Package Manager version 6.12.2.
This package disguised itself as a legitimate Bittensor package but contained code designed to steal unencrypted coldkey details.
When users downloaded this package and decrypted their coldkeys, the decrypted bytecode was sent to a server controlled by the attacker.
Participants likely affected by this attack include anyone using Bittensor 6.12.2 who performed operations such as staking, transferring, or delegating funds during the vulnerability window from May 22 to May 29.
Fortunately, the underlying Bittensor protocol and Subtensor code remain uncompromised and secure.
Immediate Mitigation Measures
In response to the attack, OTF swiftly removed the malicious package from the PyPi repository. The team is meticulously reviewing the Subtensor and Bittensor code on GitHub to ensure no other vulnerabilities exist.
Exchanges have been provided with details of the attack to help trace the attacker and potentially recover stolen funds. The Bittensor community has also rallied to support these efforts.
Normal operations will gradually resume once the code review is complete. OTF is balancing urgency with caution to ensure a safe and responsible approach. Regular progress updates will be provided to keep the community informed.
Precautionary Steps and Future Enhancements
OTF advises users who suspect their wallets were compromised to create new wallets and transfer their funds once normal operations resume.
Users are also encouraged to upgrade to the latest version of Bittensor using the command “pip install –upgrade bittensor.”
Moving forward, OTF is working with PyPi maintainers to investigate the breach and prevent future incidents.
The foundation plans to implement enhanced package verification processes, increase the frequency of security audits, and adopt best practices in public security policies. Enhanced monitoring and logging of package uploads and downloads will also be introduced.
Follow BITNEWSBOT on Facebook, Linkedin, Twitter, and Google News for instant updates >
Conclusion
The recent security breach on the Bittensor network led to a temporary halt in transactions and a thorough security review.
Founders Jacob Steeves, Ala Shaabana, and The Opentensor Foundation have communicated the details of the incident and outlined the steps being taken to address it.
As the network resumes normal operations, the community will be kept informed through regular updates and a Q&A session.
This incident serves as a critical moment for the Bittensor project, highlighting the importance of robust security measures in the cryptocurrency space.
Previous Articles:
- Bittensor Halts Network Activity Following $8 Million Wallet Drain
- Natix: The AI-Powered DePIN App Revolutionizing Driving and Mapping
- Dusk Mainnet Set to Launch on September 20th
- Synternet Launches Mainnet on Cosmos Network, Paving the Way for Decentralized Data Economy
- Tezos X: A New Era of Scalable, Interoperable Blockchain