🔥 Bittensor Suffers $8 Million Security Hack
posted 4 Jul 2024
Bittensor, a decentralized network for AI systems, has reported a hacking incident on July 2 that resulted in the theft of $8 million worth of TAO tokens.
The breach was linked to version 6.12.2 of the PyPi Package Manager, a platform used for distributing Python code packages. According to the report, attackers exploited this system by distributing malicious code that appeared to be a legitimate package from Bittensor, ultimately stealing user keys.
This vulnerability allowed the perpetrators to drain about 32,000 TAO. The incident primarily impacted validators, miners, and subnet operators, sparing ordinary users. The developers have assured that the underlying Bittensor protocol was not compromised.
In response to the breach, network operations were suspended, and validator nodes were secured behind a firewall to mitigate further risks. The implicated version of the PyPi Package Manager has been deactivated.
Bittensor's team is currently conducting a thorough review of the protocol's code to identify other possible attack vectors and is collaborating with the PyPi Package Manager developers to investigate the breach. The network will resume normal operations once this analysis is complete.