Bittensor proposes burning 10% of supply to stabilize TAO following $8 million exploit
The decentralized AI network has put forward a vote for users to decide on the burn. Active voters participating in the proposal will be rewarded with compensatory DAO rewards at a later date.
The exploit, which occurred on July 2, saw a Bittensor user lose 32,000 TAO tokens due to a leaked private key. The incident caused an immediate 15% drop in TAO’s price, hitting a six-month low of $227. The price has since rebounded slightly to $240.
Attack timeline
The incident began on July 2 at 7:06 P.M. UTC, when funds started moving out of affected wallets.
The Opentensor Foundation (OTF) detected the abnormal transfer volume and opened a war room by 7:25 P.M. UTC. By 7:41 P.M. UTC the team had contained the attack by placing validators behind a firewall and activating safe mode, which prevented nodes from connecting to the chain.
During this period the network was configured to produce blocks only, so no transactions were processed; this prevented further losses and bought time for a thorough investigation.
The root cause was traced to a malicious release, version 6.12.2, of the Bittensor package on the PyPI package index. Published under the legitimate package name, it contained code designed to capture coldkey material in unencrypted form.
Once a user had installed the package, any coldkey they decrypted while it was installed was exfiltrated: the decrypted key bytes were sent to a remote server controlled by the attacker. Encryption of the key file at rest offered no protection here, because the plaintext was captured at the moment the wallet software itself decrypted it.
The incident prompted an immediate response from the OTF team, which prioritized the security breach over regular updates and maintenance. The disruption has been a significant test for the network, highlighting both its vulnerabilities and the resilience of its infrastructure.
Aftermath
Despite the severity of the attack, some validators, such as RoundTable 21, confirmed that their delegators’ funds remained secure, emphasizing that the exploit did not impact all users uniformly.
However, the decision to halt the chain has led to a debate within the community about its implications for Bittensor’s claim of decentralization. Critics argue that the ability to pause the chain contradicts the principles of a decentralized AI network, while supporters believe it was necessary to protect users’ assets.
OTF plans to gradually resume normal operations of the Bittensor blockchain, ensuring a safe and responsible approach. Regular progress updates will be provided to the community.
As a precaution, users who suspect their wallets were compromised are advised to create new wallets and transfer their funds once the blockchain resumes normal operation. Given how the malicious package worked, anyone who installed version 6.12.2 and decrypted a coldkey while it was installed should treat that coldkey as exposed, and should generate the replacement wallet only after removing the malicious version and installing a clean release, since a new key created under the compromised package would be exfiltrated in the same way. Upgrading to the latest version of Bittensor is strongly recommended.
Moving forward, Bittensor will implement stricter package verification, increase the frequency of security audits, adopt best practices for its public security policy, and improve monitoring and logging of package uploads and downloads.
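As an added illustration of what client-side package verification can look like, the following Python is example code written for this article, not Bittensor's or OTF's tooling. It mirrors pip's hash-checking mode (requirement lines of the form `name==version --hash=sha256:<hex>`) and adds a denylist so that a known-bad release such as 6.12.2 is refused even when its digest matches a pin. The wheel bytes, the pinned digest and the 6.12.3 version string are constructed placeholders, not real release data.

```python
"""Pinned-hash verification for a downloaded package artifact (example code).

Mirrors pip's hash-checking mode: a requirement line must pin an exact
version and carry one or more --hash=sha256:<hex> digests, and an artifact
is installed only if its digest is in that set. A denylist refuses known-bad
releases even when their digest matches, because a hash pin only proves you
fetched what you asked for, not that what you asked for is safe.
"""
import hashlib
import re
from dataclasses import dataclass

# The release the article identifies as malicious. Assumption for the
# example: anything listed here is refused regardless of its digest.
DENYLIST = {("bittensor", "6.12.2")}

REQ_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9_.-]+)==(?P<version>\S+)"
    r"(?P<hashes>(?:\s+--hash=sha256:[0-9a-fA-F]{64})+)\s*$"
)


@dataclass(frozen=True)
class Pin:
    name: str
    version: str
    sha256: frozenset


def parse_pin(line: str) -> Pin:
    """Parse one hash-pinned requirement line; reject unpinned lines."""
    m = REQ_RE.match(line.strip())
    if not m:
        raise ValueError(f"requirement is not hash-pinned: {line!r}")
    digests = frozenset(
        h.split(":", 1)[1].lower() for h in m.group("hashes").split()
    )
    return Pin(m.group("name").lower(), m.group("version"), digests)


def is_hash_pinned(line: str) -> bool:
    """True if the line would be accepted by parse_pin."""
    try:
        parse_pin(line)
        return True
    except ValueError:
        return False


def verify_artifact(pin: Pin, name: str, version: str, data: bytes):
    """Return (ok, reason) for a downloaded artifact checked against its pin."""
    key = (name.lower(), version)
    if key in DENYLIST:
        return False, f"{name}=={version} is a known-bad release"
    if key != (pin.name, pin.version):
        return False, f"expected {pin.name}=={pin.version}, got {name}=={version}"
    digest = hashlib.sha256(data).hexdigest()
    if digest not in pin.sha256:
        return False, f"sha256 mismatch: {digest}"
    return True, "ok"


# Constructed stand-ins; not real wheel bytes or real release digests.
GOOD_WHEEL = b"PK\x03\x04 constructed stand-in for a clean wheel"
TAMPERED_WHEEL = GOOD_WHEEL + b"\x00"
GOOD_SHA = hashlib.sha256(GOOD_WHEEL).hexdigest()
# 6.12.3 is a placeholder version string, not asserted to be a real release.
CLEAN_PIN_LINE = f"bittensor==6.12.3 --hash=sha256:{GOOD_SHA}"
BAD_PIN_LINE = f"bittensor==6.12.2 --hash=sha256:{GOOD_SHA}"


def demo() -> dict:
    """Run the three cases a verifier must tell apart."""
    clean = parse_pin(CLEAN_PIN_LINE)
    bad = parse_pin(BAD_PIN_LINE)
    return {
        "clean": verify_artifact(clean, "bittensor", "6.12.3", GOOD_WHEEL),
        "tampered": verify_artifact(clean, "bittensor", "6.12.3", TAMPERED_WHEEL),
        "denylisted": verify_artifact(bad, "bittensor", "6.12.2", GOOD_WHEEL),
    }


if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:<11} {'ALLOW' if ok else 'REFUSE'}  {reason}")
```

In practice the same effect comes from `pip install --require-hashes -r requirements.txt` with digests taken from a trusted release; the denylist is there because a hash pin only proves you received the artifact you asked for, not that the artifact you asked for is safe.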
The proposed token burn and ongoing security enhancements aim to restore confidence in the TAO ecosystem. The outcome of the vote will play a crucial role in stabilizing and securing the network, with the community eagerly awaiting further updates from the developers.