Tensor

OpenTensor Foundation: A mechanism is being established to ensure the safety of funds, and normal operation of the Bittensor chain will be restored as soon as possible

ChainCatcher news, the OpenTensor Foundation stated on social media that the team is committed to restoring the normal operation of the Bittensor blockchain as soon as possible. The current top priority is to ensure the security and integrity of the system, ensuring that no additional wallets are compromised and that no more funds are at risk.The official statement indicates that efforts are ongoing to establish a mechanism to ensure the safety of at-risk funds.ChainCatcher previously reported that the decentralized AI network Bittensor officially announced that its community participants experienced a serious security attack on July 2. The Bittensor Foundation has taken emergency actions to halt further fund outflows and is conducting an in-depth investigation into the attack.The attack originated from a malicious program disguised as a legitimate Bittensor package in version 6.12.2 of the PyPi package manager. When users downloaded this package and decrypted their cold wallet keys, the decrypted bytecode was sent to the attacker's remote server, resulting in stolen funds. The main victims were users who downloaded the Bittensor PyPi package and performed transactions, staking, and delegation between May 22 and 29. The Bittensor Foundation has removed the malicious package from PyPi and conducted a comprehensive review of the code, finding no other vulnerabilities at this time.To mitigate losses, the Bittensor Foundation has placed validation nodes behind a firewall and activated security mode on Subtensor. The Bittensor blockchain has suspended all transactions and will only resume normal operations after the vulnerabilities are fixed. The foundation is working with trading platforms to attempt to recover the stolen funds.The Bittensor Foundation stated that it will learn from this incident, improve the package verification process, increase the frequency of external audits, and enhance security standards and monitoring levels. The foundation urges users to transfer their funds to new wallets as soon as possible and to upgrade to the latest version of the Bittensor package.

Bittensor: PyPi package vulnerability triggers hacker attack, collaborating with trading platforms to recover funds

ChainCatcher news, the decentralized AI network Bittensor officially announced that its community participants experienced a serious security attack on July 2. The Bittensor Foundation has taken urgent action to block further fund outflows and has launched an in-depth investigation into the attack.The attack originated from a malicious program disguised as a legitimate Bittensor package in the PyPi package manager version 6.12.2. When users downloaded this package and decrypted their cold wallet keys, the decrypted bytecode was sent to the attacker's remote server, resulting in stolen funds. The users primarily affected were those who downloaded the Bittensor PyPi package and performed transactions, staking, delegation, and other operations between May 22 and 29. The Bittensor Foundation has removed the malicious package from PyPi and conducted a comprehensive review of the code, finding no other vulnerabilities at this time.To mitigate losses, the Bittensor Foundation has placed validation nodes behind a firewall and activated a security mode on Subtensor. The Bittensor blockchain has paused all transactions and will not resume normal operations until the vulnerabilities are fixed. The foundation is working with trading platforms to attempt to recover the stolen funds.The Bittensor Foundation stated that it will learn from this incident, improve the package verification process, increase the frequency of external audits, and enhance security standards and monitoring levels. The foundation urges users to transfer their funds to new wallets as soon as possible and to upgrade to the latest version of the Bittensor package.

Bittensor proposes to destroy 10% of the TAO token supply to stabilize the token price

ChainCatcher news, the OpenTensor Foundation (OTF) has initiated a proposal vote to burn 10% of the Bittensor (TAO) supply, aimed at stabilizing the token price in response to a recent vulnerability that led to token losses.Additionally, regarding the root cause of the attack, the OpenTensor Foundation stated that the attack traced back to version 6.12.2 of the PyPi package manager, where a malicious package was uploaded, compromising user security. This malicious package disguised itself as a legitimate Bittensor package and contained code to steal unencrypted cold private key details. When users downloaded this package and decrypted their cold private keys, the decrypted bytecode was sent to a remote server controlled by the attacker.Regarding mitigation measures, the OTF team has removed the malicious version 6.12.2 package from the PyPi package manager repository and is conducting a thorough review of the Subtensor and Bittensor code on GitHub to ensure there are no other attack vectors. No additional vulnerabilities have been found so far, and the team will continue to thoroughly review and assess the codebase and conduct a comprehensive evaluation of all other potential attack vectors.OTF pointed out that this attack did not affect the blockchain or Subtensor code, and the underlying Bittensor protocol remains intact and secure. Once the code review is complete, Opentensor will gradually restore normal operations of the Bittensor blockchain, allowing transactions to flow again.ChainCatcher previously reported that in response to the Bittensor on-chain wallet attack incident, on-chain detective ZachXBT monitored and found that 32,000 TAO (worth $8 million) were stolen from an address starting with 5FbWTr.
ChainCatcher Building the Web3 world with innovators