According to BlockBeats, on July 4, the decentralized AI network Bittensor officially announced that its community participants suffered a serious security attack on July 2. The Bittensor Foundation has taken emergency action to block further capital outflows and launched an in-depth investigation into the attack.

It is reported that the attack originated from a malicious program disguised as a legitimate Bittensor package in the PyPi package manager version 6.12.2. When the user downloads the package and decrypts his cold wallet key, the decrypted bytecode will be sent to the attacker's remote server, resulting in the theft of funds.

Those affected are mainly users who downloaded the Bittensor PyPi software package and performed operations such as transfer, pledge, and delegation between May 22 and 29. The Bittensor Foundation has removed the malicious software package from PyPi and conducted a comprehensive review of the code, and no other vulnerabilities have been found.

To contain the losses, the Bittensor Foundation has placed the validation nodes behind a firewall and enabled safe mode on Subtensor. The Bittensor blockchain has suspended all transactions until the vulnerability is fixed. The Foundation is working with trading platforms to try to recover the stolen funds.

The Bittensor Foundation said it will learn from the lessons, improve the software package verification process, increase the frequency of external audits, and improve security standards and monitoring levels. An AMA will be held in the near future to answer questions and concerns from the community. The Foundation calls on users to transfer funds to new wallets as soon as possible and upgrade to the latest version of the Bittensor software package.