Bittensor Hack overview
Bittensor, an AI-focused blockchain project, recently disclosed a significant security breach resulting in a loss of $8 million worth of its native token, TAO. This incident has led to a temporary suspension of network operations, marking the second major security event within a month. Just prior, the project experienced a similar breach, causing an $11 million loss. The team has now released a detailed report outlining the exploit’s nature, timeline, and root causes.
Root Causes of Bittensor Wallet Hack
The breach was traced to a malicious package within the PyPi Package Manager, specifically version 6.12.2. This compromised package contained code designed to steal unencrypted coldkey details. Users who downloaded this package and decrypted their coldkeys inadvertently sent the decrypted bytecode to a remote server controlled by the attacker. The vulnerability affected users who downloaded the Bittensor PyPi package between May 22 and May 29, during operations involving the decryption of hotkeys or coldkeys.
Timeline of the Bittensor Security Breach
The attack timeline revealed that the attacker began transferring funds to their wallet, which was swiftly detected by the Opentensor Foundation (OTF). A dedicated response team, referred to as a “war room,” was quickly assembled to address the breach. The attack was neutralized by placing the Opentensor chain validators behind a firewall and activating safe mode, which halted all transactions and enabled a thorough analysis of the breach.
Security Precautions and Immediate Actions
In response to the attack, the OTF team implemented several immediate measures:
- The malicious 6.12.2 package was removed from the PyPi Package Manager repository.
- Collaboration with multiple cryptocurrency exchanges was initiated to provide attack details, trace the attacker, and attempt to recover the stolen funds.
- The team increased security protocols, including stricter access and verification processes for PyPi packages, more frequent security audits, adherence to best practices in public security policies, and improved monitoring and logging of package uploads and downloads.
Future Security Enhancements
Bittensor has committed to implementing several measures to enhance security and prevent future incidents:
- Stricter access and verification processes for packages uploaded to PyPi.
- Increased frequency of security audits.
- Improved monitoring and logging of package uploads and downloads.
- Encouraging users to upgrade to the latest version of Bittensor and create new wallets for fund transfers once the blockchain resumes normal operations.
Resumption of Operations and Ongoing Investigations
As the code review process nears completion, Opentensor plans to gradually resume normal operations of the Bittensor blockchain. This phased approach ensures that all security vulnerabilities are addressed before allowing transactions to flow again. The Bittensor team remains dedicated to further investigating the breach with PyPi maintainers and implementing additional security enhancements to prevent future incidents.