Bittensor: malicious PyPI package triggers attack; foundation working with trading platforms to recover funds
ChainCatcher news: the decentralized AI network Bittensor officially announced that its community participants experienced a serious security attack on July 2. The Bittensor Foundation has taken urgent action to block further fund outflows and has launched an in-depth investigation into the attack.

The attack originated from a malicious program disguised as a legitimate Bittensor package, published to the PyPI package index as version 6.12.2. When users installed this package and decrypted their cold wallet keys, the decrypted bytecode was sent to the attacker's remote server, resulting in stolen funds. The users primarily affected were those who downloaded the Bittensor PyPI package and performed transactions, staking, delegation, and other operations between May 22 and 29. The Bittensor Foundation has removed the malicious package from PyPI and conducted a comprehensive review of the code, finding no other vulnerabilities at this time.

To mitigate losses, the Bittensor Foundation has placed validation nodes behind a firewall and activated a security mode on Subtensor. The Bittensor blockchain has paused all transactions and will not resume normal operations until the vulnerabilities are fixed. The foundation is working with trading platforms to attempt to recover the stolen funds.

The Bittensor Foundation stated that it will learn from this incident, improve the package verification process, increase the frequency of external audits, and enhance security standards and monitoring levels. The foundation urges users to transfer their funds to new wallets as soon as possible and to upgrade to the latest version of the Bittensor package.
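The two defender-side checks this incident calls for, as an added Python example that is not from the article or the Bittensor project: flag an environment that still carries the compromised 6.12.2 release, and pin future installs to an artifact hash the way a hashed requirements file does. The `pip freeze` text and the artifact bytes below are constructed placeholders, not real Bittensor data.

```python
import hashlib
from importlib import metadata

# The release named in the advisory; any other value here would be an assumption.
COMPROMISED_VERSIONS = {"6.12.2"}


def installed_version(dist_name="bittensor"):
    """Return the installed version of a distribution, or None if it is absent."""
    try:
        return metadata.version(dist_name)
    except metadata.PackageNotFoundError:
        return None


def is_compromised(version):
    """True when a version string matches a release known to carry the malicious code."""
    return version is not None and version.strip() in COMPROMISED_VERSIONS


def audit_freeze(freeze_output):
    """Parse `pip freeze` text and return the (name, version) pairs that are compromised."""
    flagged = []
    for line in freeze_output.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "==" not in line:
            continue
        name, version = line.split("==", 1)
        if name.lower() == "bittensor" and is_compromised(version):
            flagged.append((name, version))
    return flagged


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def hashed_requirement_line(name, version, artifact_bytes):
    """Build a requirements.txt line pinned to the artifact's SHA-256, the form
    `pip install --require-hashes` enforces so a swapped upload cannot install."""
    return f"{name}=={version} --hash=sha256:{sha256_hex(artifact_bytes)}"


def verify_artifact(artifact_bytes, requirement_line):
    """Re-check a downloaded artifact against the hash pinned in a requirement line."""
    pinned = requirement_line.split("--hash=sha256:", 1)[1].strip()
    return sha256_hex(artifact_bytes) == pinned


# Constructed sample, not real output from an affected machine.
SAMPLE_FREEZE = "# sample\nbittensor==6.12.2\nnumpy==1.26.4\n"
SAMPLE_ARTIFACT = b"constructed placeholder wheel bytes"
```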