
Author: rekt.news; compiled by: 0xjs
On July 2nd, the Bittensor blockchain was hit hard by hackers through a compromise of the PyPI package manager, losing $8 million.
While validators meditated on their nodes, the attacker quietly drained their wallets faster than you can say "OM".
TAO flowed straight into the hacker's wallet: about 32,000 TAO tokens were transferred without authorization.
The Bittensor team responded quickly, immediately halting all network operations and taking decisive action to address the problem.
The network entered "security mode", which allows blocks to be produced but prevents any transactions.
The measure is meant to prevent further losses and protect users while a thorough investigation is carried out.
The incident caused the value of the TAO token to fall by 15%, showing that in blockchain, just as in life, everything flows … including market value.
According to Bittensor's Telegram message, users and stakers are safe and sound. Only some validators, subnet owners and miners were robbed.
Are you ready to solve this huge mystery?
Investigation of the Bittensor attack
Source: Bittensor, ZachXBT
Bittensor initially announced on its Discord that some of their wallets had been attacked, and stated that they were investigating and had halted all on-chain transactions as a precautionary measure.
The attack on the Bittensor blockchain was as precise as a well-practiced qigong routine.
In just 3 hours, the attacker compromised a number of high-value wallets and stole about 32,000 TAO tokens.
While the Bittensor team scrambled to respond, the crypto community's favorite on-chain detective had already joined the investigation.
Shortly after the theft, ZachXBT identified the address of the stolen funds: 5FBWTRAF7JFBE5EVCMSTHUM85HTCZWUFJG3PUKTUQYOT
Ever the cryptocurrency detective, Zach may link this to an incident on June 1, when a TAO holder had more than 28,000 TAO stolen, worth $11.2 million at the time of the theft.
The day after the attack, the OpenTensor Foundation (OTF) published its post-mortem analysis, revealing that the root cause of the attack was a compromise of the PyPI package manager.
Here is how this digital dumpster fire unfolded:
- A malicious package posing as the legitimate Bittensor package sneaked into PyPI as version 6.12.2.
- The Trojan horse contained code designed to steal unencrypted cold keys.
- When an unsuspecting user downloaded this package and decrypted their cold keys, the decrypted bytecode was sent to a remote server controlled by the attacker.
The vulnerability affects users who downloaded the Bittensor PyPI package between May 22 and May 29, or who used Bittensor==6.12.2, and then performed operations such as staking, unstaking, transferring, delegating or undelegating.
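A defender's check for the exposure described above, as an added example (not code from OTF or the original article): it flags exact pins of the affected release in requirements or `pip freeze` text and checks the running interpreter. The sample input is constructed, and the `bittensor-helper` name, the `[extra]` name and the hash placeholder in it are hypothetical.

```python
import re
from importlib import metadata

AFFECTED_NAME = "bittensor"
AFFECTED_VERSION = "6.12.2"  # release named in the post-mortem summary above

# name, optional [extras], then an exact '==' pin; stops at markers, comments, options
PIN = re.compile(
    r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*==\s*([^\s;#\\]+)"
)

def normalize(name):
    """PEP 503 name normalization, so 'Bittensor' and 'bittensor' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def affected_pins(text):
    """Return (line_no, line) for each exact pin of the affected release."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        m = PIN.match(line)
        if (m and normalize(m.group(1)) == AFFECTED_NAME
                and m.group(2) == AFFECTED_VERSION):
            hits.append((no, line.strip()))
    return hits

def installed_is_affected():
    """True if the running interpreter has the affected release installed."""
    try:
        return metadata.version(AFFECTED_NAME) == AFFECTED_VERSION
    except metadata.PackageNotFoundError:
        return False

# Constructed sample: requirements-style lines, not taken from any real project.
SAMPLE = """\
numpy==1.26.4
Bittensor == 6.12.2 ; python_version >= "3.9"
bittensor==6.12.1
bittensor[extra]==6.12.2 --hash=sha256:<placeholder>
bittensor-helper==6.12.2
# bittensor==6.12.2
"""

if __name__ == "__main__":
    for no, line in affected_pins(SAMPLE):
        print(f"line {no}: {line}")
    print("installed copy affected:", installed_is_affected())
```

A hit only shows that the affected release was pinned or installed; per the summary above, exposure also depends on whether staking, unstaking, transfer or delegation operations were run with it.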
In response to the attack, the Bittensor team quickly placed the chain in "security mode", suspending all transactions while continuing to produce blocks.
This rapid action may have avoided further losses, but it also highlights the team's central control over the so-called decentralized network.
OTF has immediately taken measures to reduce losses:
- Removed the malicious 6.12.2 package from the PyPI package manager's repository.
- Thoroughly reviewed the Subtensor and Bittensor code on GitHub.
- Worked with exchanges to track the attackers and save funds as much as possible.
Looking ahead, OTF promises to strengthen package verification, increase the frequency of external audits, raise security standards, and strengthen monitoring.
OTF said the incident did not affect the blockchain or the Subtensor code, and that the underlying Bittensor protocol remains uncompromised and secure.
They also worked with a number of exchanges, providing them with details of the attack in order to track the attackers and save funds as much as possible.
As the dust settled, the community began to wonder how this malicious software got past PyPI's defenses, and whether this attack was related to the theft on June 1.
In the world of Bittensor, the road to awakening seems to be paved with a few emptied wallets.
What it reveals
The Bittensor hack exposes a serious weakness in the crypto ecosystem: dependence on third-party package managers.
Although the blockchain protocol itself may be secure, the tools used to interact with it can become an unexpected point of failure.
The incident raises questions about the security practices of PyPI and of the other software package repositories that the crypto community relies on.
The timing of the June 1 theft, and its similarity to this one, cannot be ignored.
Are these isolated incidents, or is there a wider campaign targeting Bittensor and similar projects?
As OTF works with exchanges to track the stolen funds, the community is watching with bated breath, hoping to get the tokens back after this hack, although stolen funds are rarely recovered.
Bittensor's quick action to halt the network shows the double-edged sword of centralized control in a "decentralized" project.
Although it may prevent further losses, it also highlights the vulnerability of the system.
In crypto, the only constant is change, and occasionally 8 million US dollars disappears.
As Bittensor reflects on its security practices, will they find true blockchain enlightenment, or are they destined to keep paying for these expensive stepping stones on the road to a more perfect protocol?