Bittensor, a decentralized AI network, suffered a major security breach on July 2, resulting in the theft of $8 million worth of TAO tokens. The OpenTensor Foundation (OTF), the organization behind Bittensor, has taken immediate action to minimize the damage. In their postmortem report on July 3, the OTF identified a malicious package in the PyPi Package Manager as the main cause of the breach.
The compromised package disguised itself as a legitimate Bittensor library but contained code specifically designed to steal unencrypted cold key details. This stolen information was then sent to a remote server controlled by the attacker. The attack began at 7:06 P.M. UTC, with the attacker transferring funds from compromised wallets to their own. By 7:25 P.M., abnormal transfer volumes were detected by the OTF, prompting them to initiate a “war room” to address the issue.
To prevent further damage, the network was placed in “safe mode” by 7:41 P.M., halting all transactions. Validators were also placed behind a firewall during this time. The breach affected users who downloaded the PyPi Package Manager version 6.12.2 between May 22 and May 29 and performed specific operations such as staking, wallet transfers, or delegation.
Once the malicious package was discovered, the OTF promptly removed it from the PyPi Package Manager repository and conducted a thorough review of the Subtensor and Bittensor code on GitHub. No other vulnerabilities were found, but the team is continuing to assess the code base and investigate possible attack vectors. The OTF is also working with various exchanges to trace the attacker and potentially recover the stolen funds.
Affected users will be able to create new wallets and transfer funds once normal operations resume. It is strongly recommended that users upgrade to the latest version of Bittensor for enhanced security. The OTF has pledged to provide regular updates to the community and is implementing additional security measures to prevent future incidents.
Despite the security breach, some validators have reported that their delegators’ funds remain secure. The Bittensor community has actively supported the mitigation efforts, with many participants working alongside the OTF. The OTF co-founder, Ala Shaabana, assured in the postmortem report that the attack had been contained, and the team is investigating all possibilities. The underlying Bittensor protocol and Subtensor code were unaffected by the breach.
Bittensor has announced the implementation of enhanced security measures to prevent future exploits. The OTF will provide another comprehensive update within 24 hours and hold a Q&A session to address any remaining questions or concerns from the community.
