Revisiting the Bittensor Hack What Happened and Unveiling the Cryptographic Vulnerabilities

CoinWorld News Report:
Author: rekt.news, Translation: 0xjs@
On July 2nd, Bittensor’s blockchain was brutally attacked by hackers due to an attack on the PyPi package manager, resulting in a loss of $8 million.
While validators were meditating on their nodes, attackers quietly depleted their wallets at a faster speed than saying “om”.
TAO tokens, approximately 32,000 in number, were directly transferred to the hacker’s wallet without authorization.
The Bittensor team quickly responded to the situation and immediately ceased all network operations, taking decisive action to address the current problem.
The network entered a “safe mode,” allowing block generation but preventing the processing of any transactions.
This measure was taken to prevent further losses and protect users while conducting a thorough investigation.
The incident led to a rapid 15% drop in the value of TAO tokens, indicating that in the blockchain world, just like in life, everything is fluid… including market capitalization.
According to Bittensor’s Telegram message, users and stakers were unharmed. Only some validators, subnets, and miners’ owners had their funds stolen.
Are you ready to unravel this great mystery?
Investigation into the Bittensor Attack
Information Source: Bittensor, ZachXBT
Bittensor initially announced on its Discord that some of their wallets had been attacked and stated that they were investigating the matter, taking precautionary measures by suspending all on-chain transactions.
The attack on the Bittensor blockchain was as precise as a series of practiced qigong movements.
Within a short span of 3 hours, the attackers successfully infiltrated multiple high-value wallets, stealing approximately 32,000 TAO tokens.
When Bittensor’s team responded urgently, the favorite online detective of the crypto community had already joined the investigation.
Shortly after the theft occurred, ZachXBT identified the address where the stolen funds were sent: 5FbWTraF7jfBe5EvCmSThum85htcrEsCzwuFjG3PukTUQYot
Zach has always been a cryptocurrency detective and may have linked this incident to the theft on June 1st when over 28,000 TAO tokens worth $11.2 million were stolen from a TAO holder.
On the second day of the attack, the Opentensor Foundation (OTF) released their post-attack analysis, revealing that the root cause of the attack was the PyPi package manager being compromised.
Here is the evolution of this dumpster fire:
A malicious package disguised as a legitimate Bittensor package infiltrated PyPi version 6.12.2.
This Trojan horse package contained code designed to steal unencrypted cold key details.
When unsuspecting users downloaded this package and decrypted their cold keys, the decrypted bytecode was sent to a remote server controlled by the attacker.
The vulnerability affected users who downloaded the Bittensor PyPi package or used Bittensor==6.12.2 between May 22nd and May 29th and then performed actions such as staking, unstaking, transferring, delegating, or undelegating.
To address this attack, the Bittensor team quickly put the chain into “safe mode,” suspending all transactions while continuing to generate blocks.
This swift action may have prevented further losses but also highlighted the central control maintained by the team in a so-called decentralized network.
OTF immediately took measures to mitigate the damage:
The malicious 6.12.2 package was removed from the PyPi package repository.
A thorough review of Subtensor and Bittensor code on GitHub was conducted.
Collaboration with exchanges to track the attackers and salvage funds as much as possible.
Looking ahead, OTF promises to strengthen package verification, increase external audit frequency, enhance security standards, and strengthen monitoring.
OTF stated that the incident did not impact the blockchain or Subtensor code and that the underlying Bittensor protocol remained uncompromised and secure.
They have also collaborated with multiple exchanges, providing them with detailed information about the attack to track the attackers and salvage funds as much as possible.
As the dust settles, the community begins to ponder how this malicious software managed to bypass PyPi’s defenses and whether this attack is related to the theft on June 1st.
In the world of Bittensor, the path to enlightenment seems to be paved by some empty stolen wallets.
Lessons Learned
The Bittensor hack exposes a serious vulnerability in the crypto ecosystem, namely the reliance on third-party package managers.
While blockchain protocols themselves may be secure, the tools developers use to interact with them can become unexpected points of failure.
This event raises questions about the security practices of PyPi and other software package repositories that the crypto community relies on.
The timing and similarities to the June 1st theft cannot be overlooked.
Are these isolated incidents or part of a broader campaign targeting Bittensor and similar projects?
As OTF collaborates with exchanges to trace the stolen funds, the community eagerly hopes to regain tokens after such a hack, although successfully recovering stolen funds is rare.
Bittensor’s swift action to halt the network highlights the double-edged nature of “decentralized” projects with centralized control.
While it may have prevented further losses, it also underscores the vulnerability of such systems.
In the realm of crypto, the only constant is change, and occasionally, $8 million disappears.
As Bittensor reflects on its security practices, will they find true blockchain enlightenment or continue laying these expensive stepping stones on the path to a more perfect protocol?