On July 2, the decentralized AI network Bittensor suffered a significant security incident in which $8 million in TAO tokens was withdrawn without authorization. The OpenTensor Foundation (OTF), which oversees Bittensor, responded promptly to limit the fallout. A subsequent investigation traced the theft to a malicious package in the PyPI package repository.
**Security Alert: Bittensor’s $8 Million TAO Token Theft Traced to Rogue Package**
Disguised as a genuine Bittensor resource, the malicious package was engineered to harvest unencrypted cold-key material and relay it to an external server under the attacker's control. The theft began at 7:06 P.M. UTC, with the perpetrator transferring assets from the exposed wallets to their own. By 7:25 P.M., the OTF had noticed the unusual transaction activity and convened an emergency response team.
At 7:41 P.M., a defensive perimeter was established for validators, and the network switched to “safe mode,” freezing all transactions to avert additional losses and facilitate a comprehensive analysis.
The breach specifically affected users who installed version 6.12.2 (distributed through the PyPI package manager) between May 22 and May 29 and then performed certain operations such as staking, wallet transactions, or delegation.
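The article's own remediation guidance is to identify who installed the affected release and to move funds to fresh wallets. As an added example, not code from the article or from OTF, the following script shows two defender-side checks an operator could run: a triage pass over `pip freeze` output that flags the release named above (6.12.2), and a hash-pinning check that rejects a downloaded package file unless its SHA-256 matches a pinned allowlist, which is the standard mitigation against a substituted release on a package index. It assumes the PyPI distribution is named `bittensor` (the article names only the project), and the sample freeze output and allowlist entries are constructed placeholders.

```python
"""Added example: post-incident triage and hash-pinned install check.

Not part of the article and not OTF tooling. Assumes the PyPI distribution
is called `bittensor`; all sample data below is constructed.
"""
from __future__ import annotations

import hashlib
import hmac
import re
from dataclasses import dataclass

# Affected release as reported in the article; the package name is an assumption.
AFFECTED: dict[str, set[str]] = {"bittensor": {"6.12.2"}}

# Matches the `name==version` lines that `pip freeze` emits.
FREEZE_LINE = re.compile(r"^([A-Za-z0-9_.\-]+)==([^\s;]+)")


@dataclass(frozen=True)
class Finding:
    package: str
    version: str
    affected: bool


def parse_freeze(text: str) -> dict[str, str]:
    """Parse `pip freeze` output into {normalized_name: version}."""
    found: dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments and editable installs (`-e ...`).
        if not line or line.startswith("#") or line.startswith("-e "):
            continue
        m = FREEZE_LINE.match(line)
        if m:
            # PEP 503 style normalization so `Bittensor` and `bittensor` match.
            name = m.group(1).lower().replace("_", "-")
            found[name] = m.group(2)
    return found


def triage(freeze_text: str) -> list[Finding]:
    """Report every package from the affected table that is installed,
    marking whether the installed version is one of the affected ones."""
    installed = parse_freeze(freeze_text)
    results: list[Finding] = []
    for pkg, bad_versions in AFFECTED.items():
        if pkg in installed:
            version = installed[pkg]
            results.append(Finding(pkg, version, version in bad_versions))
    return results


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_artifact(filename: str, data: bytes, allowlist: dict[str, str]) -> bool:
    """Return True only if the file name is pinned and its bytes hash to the
    pinned digest. An unpinned file is rejected rather than trusted by default."""
    expected = allowlist.get(filename)
    if expected is None:
        return False
    return hmac.compare_digest(sha256_hex(data), expected)


# Constructed sample of `pip freeze` output from a host that pulled the
# affected release; not real output from any affected machine.
SAMPLE_FREEZE = """\
# constructed sample
bittensor==6.12.2
requests==2.31.0
numpy==1.26.4
"""

# Constructed stand-in for a known-good wheel and its pinned digest.
GOOD_BYTES = b"constructed wheel payload for the example"
ALLOWLIST = {"bittensor-X.Y.Z-py3-none-any.whl": sha256_hex(GOOD_BYTES)}


if __name__ == "__main__":
    for finding in triage(SAMPLE_FREEZE):
        status = "AFFECTED: rotate wallets" if finding.affected else "not affected"
        print(f"{finding.package}=={finding.version}: {status}")
    ok = verify_artifact("bittensor-X.Y.Z-py3-none-any.whl", GOOD_BYTES, ALLOWLIST)
    print("pinned artifact verified:", ok)
    tampered = verify_artifact("bittensor-X.Y.Z-py3-none-any.whl", GOOD_BYTES + b"x", ALLOWLIST)
    print("tampered artifact verified:", tampered)
```

In practice the freeze text would come from `pip freeze` on each host, and the allowlist would hold digests recorded from a release you have already reviewed; `pip install --require-hashes -r requirements.txt` applies the same rule at install time.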
In response, the OTF promptly removed the malicious package from the PyPI repository and conducted a full audit of the Subtensor and Bittensor GitHub repositories. No further security gaps were found, but review of the codebase and investigation of other possible points of compromise are continuing.
Efforts are underway, in collaboration with several exchanges, to trace the perpetrator and recover the stolen funds. OTF advises affected users to create new wallets and move their funds into them once normal operations are restored. Updating to the most recent Bittensor version is also strongly recommended.
OTF has committed to keeping the community informed with regular updates and is enacting more stringent security protocols to forestall similar incidents in the future.
“We are currently coordinating with the PyPI administrators to thoroughly investigate this breach and forestall any recurrence,” stated the OTF in their briefing.
**Bittensor’s Commitment to Strengthened Security Post-Breach**
This security lapse has not only affected the Bittensor community but also precipitated a 15% drop in the value of TAO.
[Figure: TAO weekly price chart. Source: CoinMarketCap]
Nevertheless, certain validators have confirmed the safety of their delegators’ assets. The community has rallied in support of containment efforts, with numerous members contributing to the cause alongside OTF.
OTF co-founder Ala Shaabana has confirmed that the breach has been contained and reassured the community that the investigation is considering all potential scenarios.
“To clarify, this incident did not compromise the blockchain or Subtensor’s code. The foundational Bittensor protocol remains intact and secure,” affirmed Shaabana.
In light of these events, Bittensor has declared the adoption of heightened security measures to thwart future security threats. OTF will issue a detailed update within the next 24 hours and will conduct a Q&A session to address any residual community concerns.