BitTensor Malicious PyPi Private Key Leak

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository

BitTensor Logo/Homepage

Bittensor offers an open-source, decentralized, artificial intelligence platform. It aims to decentralize economies and commodities, reducing reliance on centralized entities. The Bittensor blockchain experienced a temporary halt following an attack on user wallets, resulting in an $8 million loss of TAO tokens from one wallet. This incident caused TAO prices to drop by 15%. The attack, suspected to be due to a private key leak from a corrupt PyPi package, prompted Bittensor to enter "safe mode," halting transactions to prevent further losses. Investigations are ongoing, with the blockchain's security team working to understand the nature of the attack and mitigate future risks.[1][2][3][4][5][6][7][8][9][10]

About BitTensor

"BitTensor is pioneering the decentralized production of artificial intelligence."

"There is no greater story than people's relentless and dogged endeavor to overcome repressive regimes. Whether we notice it or not, centralized firms, markets and authorities are engaged in a never-ending disempowerment of human people's autonomy. Bittensor is creating a new future for humanity, where new economies and new commodities are decentralized by design and where no single entity is a sole authority."

"Bittensor is an open source platform on which you can produce competitive digital commodities. These digital commodities can be machine intelligence, storage space, compute power, protein folding, financial markets prediction, and many more. You are rewarded in TAO when you produce best digital commodities."

"Each category of the digital commodity is produced in a distinct subnet. Applications are built on these specific subnets. End-users of these applications would be served by these applications.

Subnets, which exist outside the blockchain and are connected to it, are off-chain competitions where only the best producers are rewarded. A subnet consists of off-chain subnet validators who initiate the competition for a specific digital commodity, and off-chain subnet miners who compete and respond by producing the best quality digital commodity.

Scores are assigned to the top subnet miners and subnet validators. The on-chain Yuma Consensus determines the TAO rewards for these top performers. The Bittensor blockchain, called subtensor, runs on decentralized validation nodes, just like any blockchain."

"You can be a consumer of a subnet's digital commodity. Or if you are a subject-matter expert, for example an ML practitioner, then be a subnet miner, produce best predictions for your customer and earn TAO. Or, you can be a subnet validator, find markets, enterprises, small-businesses, application developers or end-users, for these digital products, generate revenue and earn TAO. Or you can just be a subnet owner and create fertile grounds for the growth of your subnet validators and subnet miners and earn TAO."

"As the native token of Bittensor, TAO plays a central role in the network’s economy. As Bittensor’s network grows, the utility of TAO could expand beyond simple transactions to include governance, staking, and access to premium services, which could increase its value and demand."

The Reality

"While blockchain protocols themselves may be secure, the tools developers use to interact with them can become unexpected points of failure."

What Happened

"The path of the TAO led straight to the hacker's wallet, with approximately 32,000 TAO tokens making an unauthorized journey."

Key Event Timeline - BitTensor Malicious PyPi Private Key Leak

Date | Event | Description
November 30th, 2023 11:21:41 AM MST | BitTensor Beginner's Guide | A beginner's guide is published for the BitTensor protocol.
July 2nd, 2024 1:06:36 PM MDT | Funds Transferred | The time of the first theft fund transfers.
July 2nd, 2024 11:56:00 PM MDT | CoinDesk Article | CoinDesk reports on the theft. The attack is suspected to be related to a private key leak, although further details are not yet available at this point.

Technical Details

"The vulnerability affected users who downloaded the Bittensor PyPi package between May 22 and May 29, or used Bittensor==6.12.2, and then performed certain operations like staking, unstaking, transferring, delegating, or undelegating."

"A malicious package, masquerading as a legitimate Bittensor package, snuck its way into PyPi version 6.12.2.

This trojan horse contained code designed to steal unencrypted coldkey details.

When unsuspecting users downloaded this package and decrypted their coldkeys, the decrypted bytecode was sent to a remote server controlled by the attacker."
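The failure mode described in the quotes above (a poisoned release published under a legitimate package name, installed by anyone who pulled that version) is what hash-pinned installs are meant to catch. The script below is an added example, not code from this page or from the Bittensor project. It parses a lock file in pip's --require-hashes format, verifies a downloaded artifact against the pinned digest, and separately rejects a release on a denylist. The lock file, package bytes and hashes in it are constructed for illustration; the only value taken from the page is the affected bittensor==6.12.2 release.

```python
"""
Hash-pinned dependency verification for a Python project.

Added example (not code from the page or from the Bittensor project).
Two checks a defender wants before installing a wallet library:
  (1) the downloaded artifact matches a digest recorded in a lock file, and
  (2) the pinned version is not a known compromised release.
"""
import hashlib
import re
from dataclasses import dataclass

# Release the page identifies as carrying the credential-stealing code.
KNOWN_COMPROMISED = {("bittensor", "6.12.2")}


@dataclass(frozen=True)
class Pin:
    name: str
    version: str
    hashes: frozenset  # {(algorithm, hexdigest), ...}


_REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)==([A-Za-z0-9._+!-]+)")
_HASH_RE = re.compile(r"--hash=([A-Za-z0-9_]+):([0-9a-fA-F]+)")


def normalize(name):
    """PEP 503 style normalisation so 'Foo_Bar' and 'foo-bar' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_lock(text):
    """Parse pip's --require-hashes format into {normalised name: Pin}."""
    pins = {}
    # Join backslash line continuations, then handle one requirement per line.
    for line in text.replace("\\\n", " ").splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = _REQ_RE.match(line)
        if m is None:
            raise ValueError(f"unpinned or malformed requirement: {line!r}")
        name, version = normalize(m.group(1)), m.group(2)
        hashes = frozenset((a.lower(), h.lower()) for a, h in _HASH_RE.findall(line))
        if not hashes:
            raise ValueError(f"{name}=={version} has no --hash pin")
        pins[name] = Pin(name, version, hashes)
    return pins


def verify_artifact(pins, name, version, artifact):
    """Return (ok, reason) for a downloaded artifact claiming to be name==version."""
    pin = pins.get(normalize(name))
    if pin is None:
        return False, "package is not in the lock file"
    if pin.version != version:
        return False, f"version {version} does not match pinned {pin.version}"
    if (pin.name, version) in KNOWN_COMPROMISED:
        # A hash pin only proves the bytes match what was locked. If the lock
        # was generated from the poisoned release, the poisoned artifact will
        # match it, so the denylist is checked independently of the digest.
        return False, f"{pin.name}=={version} is a known compromised release"
    for algo, expected in pin.hashes:
        if algo not in hashlib.algorithms_available:
            continue
        if hashlib.new(algo, artifact).hexdigest() == expected:
            return True, f"{algo} digest matches lock file"
    return False, "digest does not match any pinned hash"


# ---- constructed sample data (not real package contents or hashes) ----
GOOD_WHEEL = b"constructed: contents of examplepkg-1.0.0-py3-none-any.whl"
TAMPERED_WHEEL = GOOD_WHEEL + b"\n# constructed: injected exfiltration stub"
POISONED_RELEASE = b"constructed: contents of a compromised wallet release"

LOCK_FILE = (
    "# constructed lock file; hashes computed from the sample bytes above\n"
    f"examplepkg==1.0.0 --hash=sha256:{hashlib.sha256(GOOD_WHEEL).hexdigest()}\n"
    "bittensor==6.12.2 \\\n"
    f"    --hash=sha256:{hashlib.sha256(POISONED_RELEASE).hexdigest()}\n"
)


def run_checks():
    """Exercise every outcome; returns {label: (ok, reason)}."""
    pins = parse_lock(LOCK_FILE)
    return {
        "good": verify_artifact(pins, "examplepkg", "1.0.0", GOOD_WHEEL),
        "tampered": verify_artifact(pins, "examplepkg", "1.0.0", TAMPERED_WHEEL),
        "wrong_version": verify_artifact(pins, "examplepkg", "1.0.1", GOOD_WHEEL),
        "unknown": verify_artifact(pins, "otherpkg", "0.1", GOOD_WHEEL),
        "compromised": verify_artifact(pins, "BitTensor", "6.12.2", POISONED_RELEASE),
    }


if __name__ == "__main__":
    for label, (ok, reason) in run_checks().items():
        print(f"{label:14s} {'PASS' if ok else 'FAIL'}: {reason}")
```

pip performs the digest check natively when a requirements file is installed with --require-hashes; the script reproduces that logic so the two limits are visible. A hash pin defends against an artifact that differs from the one recorded, not against a lock file that was itself generated while the compromised release was the latest on the index, which is why the "compromised" case is rejected by the denylist even though its digest matches.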

"The attack on Bittensor's blockchain unfolded with the precision of a well-practiced qigong routine.

Over a mere 3-hour span, the attacker managed to compromise multiple high-value wallets, making off with approximately 32,000 TAO tokens."

Total Amount Lost

"approximately 32,000 TAO tokens."

The total amount lost has been estimated at $8,000,000 USD.

Immediate Reactions

"Bittensor initially announced in their Discord that a number of their wallets were attacked, going on to state that they’re investigating and have halted all on-chain transactions as a precaution."

"The Bittensor team swiftly responded to the situation by immediately halting all network operations, taking decisive action to address the issue at hand.

The network entered "safe mode," allowing blocks to be produced but preventing any transactions from being processed.

This measure was taken to prevent further losses and protect users while a thorough investigation is conducted.

The incident led to a swift 15% decline in the value of the TAO token, demonstrating that in blockchain, as in life, everything flows... including market cap."

"As the Bittensor team scrambled to respond, the crypto community's favorite on-chain sleuth was already on the case."

Ultimate Outcome

"The OTF has taken immediate steps to mitigate the damage:

Removed the malicious 6.12.2 package from the PyPi Package Manager repository.

Conducted a thorough review of Subtensor and Bittensor code on Github.

Worked with exchanges to trace the attacker and potentially salvage funds."

"According to Bittensor’s Telegram, users and stakers are fine. It's just the owners of some validators, subnets and miners that were drained."

"Moving forward, the OTF has promised enhanced package verification, increased outside audit frequency, improved security standards, and increased monitoring moving forward."

Total Amount Recovered

There do not appear to have been any funds recovered in this case.


Ongoing Developments

What parts of this case are still remaining to be concluded?

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References