Hack Explained - Bittensor

Hack Explained - Bittensor


2 min read

Bittensor is a decentralised network that facilitates collaboration among various machine learning models owned by individuals globally, valued at around $1.6 billion. Bittensor experienced a severe security breach, resulting in the theft of approximately $8 million worth of TAO tokens. The breach was primarily due to a compromised PyPi package, which contained malicious code aimed at stealing private keys.

Behind the Breach

The attack on Bittensor occurred through a compromised version of the PyPi Package Manager, specifically version 6.12.2, which contained code to extract unencrypted coldkey details from users. This vulnerability allowed the attacker to gain unauthorised access to multiple high-value wallets, draining around 32,000 TAO tokens. The malicious package was downloaded by users between May 22 and May 29, making those users the primary victims of this exploit.

Following the detection of the breach, Bittensor promptly halted all network operations and placed the blockchain in "safe mode." This mode allowed blocks to be produced without processing any transactions, effectively preventing further losses while the team investigated the attack.

Lessons from the Incident

This incident underscores the critical importance of verifying the integrity of software dependencies.

To mitigate such vulnerabilities in the future, the following controls are recommended:

  • Enhanced Package Verification: Implementing robust checks and cryptographic verification for all software dependencies can prevent the introduction of malicious code.

  • Security Assessment: Regular security assessments of software can help detect threats more effectively.

  • Improved Private Key Security Standards: Adopting industry best practices for private key management, including the use of hardware wallets and multi-signature can enhance security.

Rivanorth is a boutique Web3 cybersecurity company. We specialise in smart contract audits and blockchain security advisory. Visit rivanorth.com to find out more.

You build the future. We help you secure it.