According to Foresight News, the OpenTensor Foundation said that the decentralized AI network Bittensor suffered an on-chain attack on July 2. The attack originated from a malicious package in PyPi Package Manager version 6.12.2, which compromised user security. The attacker stole unencrypted cold key details through malicious code disguised as a legitimate Bittensor package. The official has now removed the malicious package and is conducting a comprehensive review of the code base, and no other vulnerabilities have been found. The OpenTensor Foundation will gradually restore the normal operation of the Bittensor blockchain and recommends that users upgrade to the latest version to ensure safety.
In addition, the official will also implement enhanced package verification (stricter access and verification processes for packages uploaded to PyPi and all external packages and integrations to detect and prevent malicious code),
Increase the frequency of external audits (increase the frequency of regular security audits of all software packages by external security companies to identify and prevent future vulnerabilities), strengthen security standards and monitoring.
