According to ChainCatcher, the OpenTensor Foundation posted on social media that the team is committed to restoring normal operation of the Bittensor blockchain as soon as possible. The current priority is to ensure the security and integrity of the system, so that no additional wallets are compromised and no more funds are put at risk.
Officials said they were continuing to work on establishing a mechanism to ensure the safety of at-risk funds.
ChainCatcher previously reported that the decentralized AI network Bittensor officially announced that its community participants suffered a serious security attack on July 2. The Bittensor Foundation has taken emergency action to block further capital outflows and launched an in-depth investigation into the attack.
The attack originated from a malicious program disguised as a legitimate Bittensor package, version 6.12.2, on the PyPI package manager. When a user downloaded the package and decrypted their cold wallet key, the decrypted bytecode was sent to the attacker's remote server, resulting in the theft of funds. Those affected are mainly users who downloaded the Bittensor PyPI package and performed transfers, pledges, delegations, etc. between May 22 and 29. The Bittensor Foundation has removed the malicious package from PyPI and conducted a comprehensive review of the code, and no other vulnerabilities have been found.
To contain the losses, the Bittensor Foundation has placed the validation nodes behind a firewall and enabled safe mode on Subtensor. The Bittensor blockchain has suspended all transactions until the vulnerability is fixed. The Foundation is working with trading platforms to try to recover the stolen funds.
The Bittensor Foundation said it will learn from the incident, improve its software package verification process, increase the frequency of external audits, and raise its security standards and monitoring levels. The Foundation calls on users to transfer funds to new wallets as soon as possible and upgrade to the latest version of the Bittensor software package.
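For users deciding whether a wallet should be treated as exposed, the following triage check is an added example, not code from the Foundation or from ChainCatcher. It looks through Python site-packages directories for an installed `bittensor` distribution, flags version 6.12.2, and notes whether the install timestamp falls between May 22 and 29. The function names, the `year` parameter (the report gives no year) and the sample data are assumptions made for the example.

```python
import os
import tempfile
from datetime import date, datetime, timezone
from pathlib import Path

FLAGGED_VERSION = "6.12.2"  # version named in the report


def read_name_version(dist_info):
    """Parse Name and Version from the header block of a dist-info METADATA file."""
    fields = {}
    for line in (dist_info / "METADATA").read_text(errors="replace").splitlines():
        if not line.strip():
            break  # blank line ends the headers; the rest is the description
        key, _, value = line.partition(":")
        fields.setdefault(key.strip().lower(), value.strip())
    return fields.get("name", "").lower(), fields.get("version", "")


def audit(site_dirs, year):
    """Report every installed bittensor distribution found under site_dirs.

    The report gives May 22-29 without a year, so the year is a parameter.
    """
    start, end = date(year, 5, 22), date(year, 5, 29)
    findings = []
    for site in site_dirs:
        for dist_info in sorted(Path(site).glob("*.dist-info")):
            if not (dist_info / "METADATA").is_file():
                continue
            name, version = read_name_version(dist_info)
            if name != "bittensor":
                continue
            # Directory mtime approximates install time; it is not proof.
            seen = datetime.fromtimestamp(dist_info.stat().st_mtime, timezone.utc).date()
            findings.append({"path": str(dist_info), "version": version,
                             "flagged_version": version == FLAGGED_VERSION,
                             "in_window": start <= seen <= end})
    return findings


def make_sample(version, year, month, day):
    """Build a constructed site-packages directory holding one bittensor install."""
    site = Path(tempfile.mkdtemp())
    dist_info = site / f"bittensor-{version}.dist-info"
    dist_info.mkdir()
    (dist_info / "METADATA").write_text(f"Metadata-Version: 2.1\nName: bittensor\nVersion: {version}\n\nbody\n")
    stamp = datetime(year, month, day, 12, tzinfo=timezone.utc).timestamp()
    os.utime(dist_info, (stamp, stamp))
    return str(site)


if __name__ == "__main__":
    print(audit([make_sample("6.12.2", 2000, 5, 25)], 2000))  # constructed year
```

On a real machine, pass the directories returned by `site.getsitepackages()` for each virtual environment in use. A clean result does not clear a wallet whose key was decrypted in an environment that has since been rebuilt.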