[io.net responds to GPU metadata attack]
io.net, a decentralized physical infrastructure network (DePIN), recently suffered a security attack. Malicious users used exposed user ID tokens to launch SQL injection attacks and modify the GPU network without authorization. Device metadata in . Chief Security Officer Husky.io responded promptly and carried out remediation and security upgrades to ensure hardware security.
The attack was discovered on April 25 at 1:05 AM PST due to a spike in write operations to the GPU Metadata API. In response, io.net added SQL injection checks and enhanced logging on the API, and deployed authentication solutions from Auth0 and OKTA to plug security holes related to universal authorization tokens.
However, the security update coincided with a snapshot of the rewards program, causing the normal operating API to become inaccessible and the number of GPU connections dropped from 600,000 to 10,000. To this end, Ignition Rewards Season 2 was launched in May to re-incentivize supply-side participation.
The attack stems from a vulnerability introduced when implementing the proof-of-work mechanism. An attacker could exploit a vulnerability to change device metadata without user-level authentication using a valid global authentication token.
Husky.io emphasizes the importance of ongoing in-depth review and penetration testing of public endpoints in order to detect and neutralize threats early. In addition, io.net plans to integrate Apple silicon hardware in March to enhance its artificial intelligence and machine learning services to further ensure network security and efficiency.
