Bittensor Halts Network After Users Fall Victim To Malicious Python Software

Victims who downloaded the software and decoded their keys suffered roughly $8 million in losses.

By: Mehab Qureshi

The Bittensor network was brought to a halt after multiple users were targeted by hackers.

On July 2, Bittensor’s co-founder, Ala Shaabana, announced that the Bittensor team had placed the network in “safe mode,” halting all network activity, after several users suffered losses of 32,000 TAO worth roughly $8 million.

“Due to an attack that affected multiple participants in the Bittensor community… we took the decision to place the Opentensor Chain Validators behind a firewall and entered safe mode on Subtensor,” the Opentensor Foundation (OTF) tweeted.

On the following day, Bittensor published a post-mortem revealing that the attack originated from malicious software published on the Python Package Index (PyPI), a package repository for the Python programming language.

The report said that Bittensor version 6.12.2, as published on PyPI, masqueraded as a legitimate Bittensor package but contained code designed to steal users’ unencrypted private keys. If a user downloaded the package and decrypted their coldkeys, the decrypted key material was sent to a server controlled by the attacker, allowing them to take control of the victim’s wallet.

“The OTF team removed the malicious 6.12.2 package from the PyPI Package Manager repository,” the Opentensor Foundation said. “This attack DID NOT affect the blockchain or Subtensor code, and the underlying Bittensor protocol remains uncompromised and secure.”

The Opentensor Foundation said it intends to resume normal operations after conducting a thorough code review examining “all other possible attack vectors.” The foundation added that it is in communication with PyPI’s maintainers to investigate the breach and prevent future incidents.

OTF also urged users to upgrade to the latest version of Bittensor, and for users who suspect their wallets were compromised to create a new wallet and transfer their funds once the network resumes operations.
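A defender-side check for the advice above, as an added example that is not from the article or the Opentensor Foundation: it walks one or more directory trees (virtualenvs, home directories) and flags any installed `bittensor` distribution whose metadata reports version 6.12.2, with the metadata file's modification time as a rough install date. The function names and the constructed sample install are assumptions of this example.

```python
import re
import sys
from datetime import datetime, timezone
from email.parser import HeaderParser
from pathlib import Path

AFFECTED_NAME = "bittensor"   # package named in the post-mortem
AFFECTED_VERSION = "6.12.2"   # release the article reports as malicious
# Metadata files written by wheel installs and by legacy egg installs.
PATTERNS = ("*.dist-info/METADATA", "*.egg-info/PKG-INFO")


def normalize(name):
    """PEP 503 name normalization, so 'Bittensor' matches 'bittensor'."""
    return re.sub(r"[-_.]+", "-", name or "").lower()


def scan(roots):
    """Return one record per bittensor install found under the given roots."""
    findings = []
    for root in roots:
        for pattern in PATTERNS:
            for meta in Path(root).rglob(pattern):
                if not meta.is_file():
                    continue
                text = meta.read_text(encoding="utf-8", errors="replace")
                headers = HeaderParser().parsestr(text)
                if normalize(headers.get("Name")) != AFFECTED_NAME:
                    continue
                version = (headers.get("Version") or "").strip()
                mtime = datetime.fromtimestamp(meta.stat().st_mtime, timezone.utc)
                findings.append({
                    "path": str(meta.parent),
                    "version": version,
                    "affected": version == AFFECTED_VERSION,
                    # mtime approximates install time, which helps judge whether
                    # coldkeys were decrypted while this release was present
                    "installed_utc": mtime.isoformat(timespec="seconds"),
                })
    return sorted(findings, key=lambda f: f["path"])


def write_constructed_install(site_packages, version):
    """Constructed sample input: a minimal .dist-info for offline testing."""
    info = Path(site_packages) / f"bittensor-{version}.dist-info"
    info.mkdir(parents=True)
    (info / "METADATA").write_text(
        f"Metadata-Version: 2.1\nName: bittensor\nVersion: {version}\n")


if __name__ == "__main__":
    for f in scan(sys.argv[1:] or [sys.prefix]):
        print("AFFECTED" if f["affected"] else "ok", f["version"], f["installed_utc"], f["path"])
```

Run it with the directories to search as arguments; with no arguments it scans the current interpreter's prefix.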

Bittensor is an open-source protocol that powers a decentralized, blockchain-based machine-learning network. Bittensor is among the largest AI-focused crypto projects, boasting a market cap of $1.5 billion, according to CoinGecko.

The price of Bittensor’s TAO token tumbled more than 20% amid the turmoil, with the move accentuated by bearish momentum in the broader crypto markets.