The Opentensor Foundation (OTF), which oversees the decentralized AI project Bittensor (TAO -4.56%), has pinpointed the cause of an $8 million security breach involving Bittensor wallets. According to a post-mortem report, the exploit was due to a malicious package upload.
The attack commenced at 7:06 p.m. UTC on July 2, when the attacker began siphoning funds from the compromised Bittensor wallets. At 7:26 p.m., OTF detected an “abnormality in transfer volume” and by 7:41 p.m., network validators were placed behind a firewall in “safe mode” to prevent further node connections and halt transactions, allowing for investigation.
“The attack was traced back to the PyPi Package Manager version 6.12.2, where a malicious package was uploaded, compromising user security,” stated OTF.
The compromised Bittensor PyPI package, a Python library for network interaction, contained code designed to steal private keys. Users who downloaded this package and decrypted their keys had their information sent to a remote server controlled by the attacker, leading to the theft of funds.
Users who downloaded the malicious package between May 22 and May 29 and performed specific staking, voting power delegation, or transfer operations were likely affected. Those who did not perform these operations or used a third-party application were likely unaffected. The attack did not compromise the blockchain itself, and the Bittensor protocol remains secure.
Mitigating the Vulnerability and Tracing the Attacker
The OTF has removed the malicious 6.12.2 package from the PyPi Package Manager repository and continues to review the Bittensor code on GitHub, finding no additional vulnerabilities. Once the code review is complete, normal blockchain operations will gradually resume. According to a Bittensor block explorer, the last transaction was finalized around 35 hours ago.
The foundation recommends that affected users create a new wallet and transfer their funds once the blockchain resumes. It also advises upgrading to the latest Bittensor version.
OTF is collaborating with several crypto exchanges and the broader Bittensor community to trace the attacker and potentially recover stolen funds. The foundation will provide another update within 24 hours and plans to enhance its verification processes, audit frequency, security standards, and monitoring procedures.
$8 Million Worth of TAO Stolen
Bittensor core developers halted the blockchain network following the suspected security exploit, as first noted by on-chain analyst ZachXBT. “Bittensor was halted due to additional thefts earlier today potentially as a result of private key leakage,” he explained in a Telegram update. Approximately $8 million worth of TAO (around 32,000 native Bittensor tokens) were stolen in the attack.
The incident contributed to a 15% decline in the TAO token’s value, dropping to around $230 on Wednesday. TAO is currently trading at $227.59, down 3.5% over the past 24 hours.