The decentralized AI network Bittensor (TAO) found itself at the center of a major security breach, losing over $8 million worth of its native token, TAO. In a detailed report, the project team sheds light on the root causes of the attack and the steps being taken to secure the network and stabilize the token’s price.
Coming just a month after another $11 million wallet breach, the incident has shaken the Bittensor community and raised questions about the project’s resilience and its claims to decentralization. As the team works to restore normalcy, it has proposed a bold move — burning 10% of TAO’s supply to stabilize the token’s value.
In this comprehensive article, we delve into the timeline of the attack, the technical vulnerabilities that were exploited, immediate mitigation efforts, and long-term security improvements planned by the Bittensor team. We also explore the community’s reaction and the potential consequences for the future of the project.
Bittensor Vulnerability: Timeline of Events
The Bittensor hack began on July 2, 2023, with the first signs of unusual activity detected at 7:06 p.m. UTC. The team’s monitoring systems quickly detected the unusual volume of traffic, prompting the creation of a “war room” within 19 minutes to coordinate a response.
By 7:41 p.m. UTC, the Opentensor Foundation (OTF) team took decisive action, placing Opentensor Chain investigators behind a firewall and activating “safe mode” on the Subtensor network. This effectively halted all transactions, allowing for a comprehensive analysis of the situation and preventing further losses.
Root cause of the Bittensor hack: malicious PyPI package
Investigations into the origins of the attack traced the vulnerability to a malicious package uploaded to the PyPI package index as version 6.12.2. Disguised as a legitimate Bittensor release, the package contained code designed to steal users’ unencrypted cold keys.
When unsuspecting users who had installed this version decrypted their hotkeys, the decrypted key bytes were automatically sent to a remote server controlled by the attacker. The breach therefore compromised anyone who ran Bittensor 6.12.2 and performed an operation that decrypts hotkeys or cold keys.
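Two checks a defender can run against an incident like this, as an added example that is not code from the article or from the Bittensor project: flagging the installed version when it matches the release named above, and verifying pip-installed files against the sha256 hashes in the distribution's RECORD file. The second check catches files altered after installation, not a release that was already malicious when published, which is why the version check comes first. The `bittensor` name and version 6.12.2 come from the article; the `demo_pkg` tree is a constructed sample.

```python
# Added example (not the article's or Bittensor's code); 6.12.2 is the release the article names.
import base64, csv, hashlib, tempfile
from pathlib import Path

COMPROMISED = {"bittensor": {"6.12.2"}}  # package and version taken from the article

def is_compromised_release(name: str, installed_version: str) -> bool:
    """True when this exact package/version pair is on the known-bad list."""
    return installed_version in COMPROMISED.get(name, set())

def _record_hash(data: bytes) -> str:
    """RECORD stores sha256 as unpadded urlsafe base64 (PEP 376 / PEP 427)."""
    digest = base64.urlsafe_b64encode(hashlib.sha256(data).digest())
    return "sha256=" + digest.rstrip(b"=").decode()

def verify_record(site_packages: Path, dist_info: str) -> list[str]:
    """Return RECORD paths whose on-disk content no longer matches the recorded hash."""
    mismatched = []
    with open(site_packages / dist_info / "RECORD", newline="") as fh:
        for row in csv.reader(fh):
            if len(row) < 2 or not row[1]:  # RECORD itself carries no hash
                continue
            target = site_packages / row[0]
            if not target.is_file() or _record_hash(target.read_bytes()) != row[1]:
                mismatched.append(row[0])
    return mismatched

def build_sample_dist(root: Path) -> Path:
    """Constructed sample: a site-packages tree with one module and its RECORD."""
    pkg = root / "site-packages"
    (pkg / "demo_pkg").mkdir(parents=True)
    (pkg / "demo_pkg-1.0.dist-info").mkdir()
    module = pkg / "demo_pkg" / "__init__.py"
    module.write_bytes(b"VERSION = '1.0'\n")
    with open(pkg / "demo_pkg-1.0.dist-info" / "RECORD", "w", newline="") as fh:
        writer = csv.writer(fh)
        writer.writerow(["demo_pkg/__init__.py", _record_hash(module.read_bytes()), module.stat().st_size])
        writer.writerow(["demo_pkg-1.0.dist-info/RECORD", "", ""])
    return pkg

def demo_tamper_detection() -> tuple[list[str], list[str]]:
    """Verify the constructed sample, modify a file after install, verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        pkg = build_sample_dist(Path(tmp))
        before = verify_record(pkg, "demo_pkg-1.0.dist-info")
        (pkg / "demo_pkg" / "__init__.py").write_bytes(b"# modified after install\n")
        after = verify_record(pkg, "demo_pkg-1.0.dist-info")
    return before, after
```

On a real environment, point `verify_record` at the interpreter's site-packages directory and the package's `.dist-info` folder; `demo_tamper_detection()` runs the whole flow on the constructed sample.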
Immediate mitigation and security measures
In the immediate aftermath of the attack, the OTF team moved quickly to remove the malicious 6.12.2 package from the PyPI repository. This decisive move prevented further installs of the compromised release and limited the scope of the breach.
However, the team recognized the need for a more comprehensive security assessment to identify and address any other potential vulnerabilities. A comprehensive code review is currently underway, and the Bittensor Network will gradually resume normal operations once the team is confident in the integrity of the system.
Compensation for affected users
To address the financial impact on affected users, the Bittensor team proposed a token burn that would reduce the total supply of TAO by 10%. The move aims to stabilize the token price, which fell by 15% after the incident, reaching a six-month low of $227.
Active voters who take part in the burn proposal will receive compensatory DAO rewards at a later date, an incentive for community participation in and support for the project’s security efforts.
Community reactions and repercussions
The Bittensor hack has sparked a lively debate within the community, with some questioning the project’s claim to decentralization. Critics claim that the ability to pause the chain goes against the principles of a decentralized AI network, while proponents believe the move was necessary to protect user assets.
Despite the severity of the attack, some investigators, such as RoundTable 21, have confirmed that the delegates’ funds remained safe, suggesting that the exploit did not affect all users uniformly.
As Bittensor gradually resumes normal operations, users are advised to create new wallets and transfer their funds once the blockchain is live. It is also highly recommended to upgrade to the latest version of the software to ensure enhanced security.
Restoring confidence and securing the future
The Bittensor team’s quick response and proposed security improvements demonstrate their commitment to restoring trust in the TAO ecosystem. The outcome of the token burn vote will be a crucial step toward the stability of the network and will signal the project’s resilience to the broader crypto community.
By addressing the root causes of the attack, implementing strong security measures, and promoting transparent communication, Bittensor aims to emerge from this incident as a stronger, more secure decentralized AI network. Continued community support and engagement will be essential in navigating this challenge and shaping the long-term success of the project.
Conclusion
There is no doubt that the Bittensor hack was a significant test for the decentralized AI network, exposing vulnerabilities and testing the resilience of its infrastructure. However, the project’s rapid response, comprehensive reporting, and proactive security improvements demonstrate a commitment to learning from this experience and strengthening the network against future threats.
As Bittensor overcomes the consequences of the attack and works to restore trust in the TAO ecosystem, the broader crypto community will be watching closely. The project’s ability to overcome this challenge and emerge as a more secure and trusted platform will be a testament to its long-term viability and the promise of decentralized AI technologies.