Security

Opentensor Foundation Addresses Bittensor Security Breach

The Opentensor Foundation, the development team behind the Bittensor chain, has tackled a recent security breach affecting the network, impacting several community members. The foundation insisted that prompt actions were implemented to mitigate the attack and prevent future incidents.

Malicious Package on PyPi Triggers Security Breach on Bittensor Chain

On July 2, at 7:41 p.m. UTC, the Opentensor Foundation activated safe mode on Subtensor and placed Opentensor chain validators behind a firewall following a significant security breach. The incident involved a malicious package uploaded to the PyPi Package Manager, which compromised user security by stealing unencrypted coldkey details. The latest update noted that teams responded swiftly, halting transactions and initiating a comprehensive analysis of the situation.

The breach was identified shortly after it began at 7:06 p.m. UTC when an unusual transfer volume was detected. The Opentensor Foundation stated that the team quickly assembled a response team to address the issue, successfully neutralizing the attack within 35 minutes. The malicious package, masquerading as a legitimate Bittensor package, sent decrypted coldkey bytecode to a remote server controlled by the attacker, compromising users who had downloaded the affected version.

The foundation disclosed that participants impacted by this breach included those who used Bittensor version 6.12.2 and performed specific operations such as staking and transferring tokens. The foundation’s analysis suggests that users who did not engage in these operations or used third-party applications during the specified period were likely unaffected. Both teams continue to investigate the root cause and have implemented measures to prevent future incidents.

What do you think about the recent Bittensor security breach? Share your thoughts and opinions about this subject in the comments section below.

Source

Click to rate this post!
[Total: 0 Average: 0]
Show More

Leave a Reply

Your email address will not be published. Required fields are marked *