Bittensor (TAO) Hack — July 2, 2024
Attack Overview
The Opentensor Foundation (OTF), the organization behind the decentralized AI project Bittensor, identified the root cause of an $8 million security exploit on Bittensor wallets, attributing it to a malicious package upload. $8 million worth of TAO — approximately 32,000 native Bittensor (TAO) tokens — were stolen in the attack.
Timeline of the Attack
The attack began at 7:06 p.m. UTC on July 2, 2024, with the attacker draining funds from affected Bittensor wallets. OTF detected an "abnormality in transfer volume" at 7:26 p.m., subsequently placing the network validators behind a firewall in "safe mode" at 7:41 p.m. to prevent any nodes from connecting to the chain and halt transactions.
Root Cause
According to their post-mortem report, the attacker exploited a compromised version of the PyPi Package Manager to initiate unauthorized fund transfers by masquerading it as a legitimate Bittensor package. When users downloaded the compromised Bittensor package, a script would send details of their cold key details to a remote server controlled by the attacker.
Market Impact
The incident contributed to a 15% decline in the TAO token's value to around $230.
Response & Security Measures
The foundation was working with several crypto exchanges and the broader Bittensor community to try and trace the attacker and potentially salvage victims' funds. OTF said it would enhance its verification process, audit frequency, security standards and monitoring procedures in the future.
Sources