Much-hyped, AI-focused blockchain Bittensor remains paused after at least 32,000 TAO (worth $8 million) were reportedly stolen from the network’s validators.
As result the price of Bittensor token $TAO drastically dropped and created Fear among holders, we saw a huge selling presure in TAO and the price dumped More than -15%.
Root cause of attack
The attack was traced back to the PyPi Package Manager version 6.12.2, where a malicious package was uploaded, compromising user security.
The malicious package, masquerading as a legitimate Bittensor package, contained code designed to steal unencrypted coldkey details.
When users downloaded this package and decrypted their coldkeys, the decrypted bytecode was sent to a remote server controlled by the attacker.
Attack Timeline
1. Attack begins (July 2, 7:06 PM UTC) — Attacker begins to transfer funds out of wallets into their own wallet.
2.Attack detected (July 2, 7:25 PM UTC) — OTF detects an abnormality in transfer volume and starts a war room.
3. Attack neutralized (July 2, 7:41 PM UTC) — Opentensor chain validators were placed behind a firewall and safe mode subsequently activated to prevent any nodes from connecting to the chain and thus stopping all transactions and allowing for a full situational analysis of the attack.
Suggested precautions
If you suspect that your wallet was compromised, we strongly suggest:
Creating a new wallet and transferring your funds there. Note that this will become possible only once the blockchain resumes its normal operation. In the meantime there is no additional risk of this attack due to the temporary halting of transfers.
If you have not already done so, we strongly advise that you upgrade to the latest version of Bittensor using the following command: “pip install –upgrade bittensor”
🔼 Data Credit
> Opentensor Blog
> Bankless
> Protos