In a recent incident, Bittensor, a prominent AI-focused project, was forced to suspend its network operations following a series of wallet hacks, resulting in a loss of at least $8 million worth of TAO, Bittensor’s native token.
This incident comes just a month after another wallet breach that led to a loss of $11 million. The Bittensor team has now released a detailed report shedding light on the developments surrounding these attacks.
Root Causes Of Bittensor’s Wallet Hack
According to the report, at 7:41 PM UTC on Wednesday, the decision was made to place the Opentensor Chain Validators behind a firewall and activate safe mode on Subtensor due to the attack that affected multiple participants in the Bittensor community.
The attack timeline indicates that the attacker initiated fund transfers from wallets to their wallet, which was detected by the Opentensor Foundation (OTF).
A “war room” was reportedly established to respond to the abnormality in transfer volume. Eventually, the attack was neutralized by placing the Opentensor chain validators behind a firewall and activating safe mode. This action halted all transactions, allowing for a comprehensive situational analysis of the attack.
The root cause of the attack was traced back to the PyPi Package Manager version 6.12.2, where a malicious package was uploaded, compromising user security.
This malicious package, disguised as a legitimate Bittensor file, contained code to steal unencrypted coldkey details. When users downloaded the package and decrypted their coldkeys, the decrypted bytecode was sent to a remote server controlled by the attacker.
The vulnerability is believed to have affected individuals who used Bittensor 6.12.2 and performed operations involving the decryption of hotkeys or coldkeys.
Additionally, those who downloaded the Bittensor PyPi package between May 22, 7:14 PM UTC, and May 29, 6:47 PM UTC, and performed any relevant operations were also likely impacted.
Security Precautions Advised
Immediate mitigation steps were taken by the OTF team, including removing the malicious 6.12.2 package from the PyPi Package Manager repository. So far, no other vulnerabilities have been identified, but a comprehensive assessment of all potential attack vectors is ongoing.
The Bittensor team has collaborated with several exchanges to provide attack details, trace the attacker, and potentially recover funds.
As the code review nears completion, Opentensor plans to gradually resume normal operations of the Bittensor blockchain, allowing transactions to flow again.
The team emphasizes taking precautions, such as creating new wallets and transferring funds once the blockchain is operational. Upgrading to the latest version of Bittensor is strongly advised to enhance security measures.
Bittensor plans to investigate the breach with the PyPi maintainers and implement enhancements to prevent future incidents.
These enhancements include stricter access and verification processes for packages uploaded to PyPi, increased frequency of security audits, implementation of best practices in public security policies, and heightened monitoring and logging of package uploads and downloads.
At the time of writing, the project’s native token TAO is trading at $224, down over 42% in the last 30 days alone. However, the token still has significant gains of over 386% year-to-date.
Featured image from DALL-E, chart from TradingView.com
