PANews reported on July 4 that the OpenTensor Foundation (OTF) has started voting on a proposal to destroy 10% of the Bittensor (TAO) supply. The proposal aims to stabilize the token price in response to the recent vulnerability that caused token losses.

In addition, regarding the root cause of the attack, the OpenTensor Foundation stated that the attack was traced back to the 6.12.2 version package on the PyPI package manager, where a malicious package was uploaded, compromising user security. The malicious package, disguised as a legitimate Bittensor package, contains code for stealing unencrypted cold private key details. When a user downloads this package and decrypts their cold private key, the decrypted bytecode is sent to a remote server controlled by the attacker. Regarding mitigation measures, the OTF team has removed the malicious 6.12.2 version package from the PyPI package manager library and is conducting a detailed review of the Subtensor and Bittensor code on GitHub to ensure that there are no other attack vectors. No other vulnerabilities have been found so far. The code base will continue to be thoroughly reviewed, and all other possible attack vectors will be fully evaluated. OTF pointed out that the attack did not affect the blockchain or Subtensor code, and the underlying Bittensor protocol remains intact and secure. After the code review is completed, OpenTensor will gradually resume the normal operation of the Bittensor blockchain, allowing transactions to flow again.
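For triage on the user side, the following added example (not code from OTF or the Bittensor project) walks a directory tree of Python environments and reports any installed copy whose package metadata matches the 6.12.2 version named above. The distribution name `bittensor` is an assumption, and the sample environments are constructed in a temporary directory.

```python
import re
import tempfile
from email.parser import Parser
from pathlib import Path

# The version is the one named in the article; the distribution name
# "bittensor" is an assumption.
FLAGGED = {"bittensor": {"6.12.2"}}
META_FILES = {"METADATA": ".dist-info", "PKG-INFO": ".egg-info"}

def normalize(name):
    """PEP 503 name normalization, so 'Bittensor' and 'bittensor' compare equal."""
    return re.sub(r"[-_.]+", "-", name).strip().lower()

def scan(root):
    """Return sorted (metadata_path, name, version) for flagged installs under root."""
    hits = []
    for meta_file, dir_suffix in META_FILES.items():
        for meta in Path(root).rglob(meta_file):
            if not meta.parent.name.endswith(dir_suffix):
                continue  # a stray file with the same name, not package metadata
            text = meta.read_text(encoding="utf-8", errors="replace")
            msg = Parser().parsestr(text, headersonly=True)
            name = normalize(msg.get("Name") or "")
            version = (msg.get("Version") or "").strip()
            if version in FLAGGED.get(name, ()):
                hits.append((str(meta), name, version))
    return sorted(hits)

def build_sample(root):
    """Constructed sample: two fake virtualenvs, only venv_a holds the flagged version."""
    layout = {
        "venv_a": ("Bittensor", "6.12.2"),
        "venv_b": ("bittensor", "6.12.1"),  # constructed version number
    }
    for venv, (name, version) in layout.items():
        d = Path(root, venv, "lib", "site-packages", f"{name}-{version}.dist-info")
        d.mkdir(parents=True)
        (d / "METADATA").write_text(
            f"Metadata-Version: 2.1\nName: {name}\nVersion: {version}\n\nbody\n",
            encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, name, version in scan(tmp):
            print(f"FLAGGED {name}=={version} at {path}")
```

A match only shows that the flagged version was installed in that environment; per the report, key exposure depended on the cold private key being decrypted while that version was in use.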

Earlier yesterday, according to ZachXBT monitoring, 32,000 TAOs worth $8 million were stolen from a certain address in the Bittensor security incident.