Description
5:35 PM UTC on July 2, 2024
The Bittensor network was placed into a transaction-halting safe mode, shortly after the initial detection of the hack, to allow the team to investigate the root cause and secure the network before restoring normal operations.
**Attack Vector and Scope:**
* The attack targeted a number of Bittensor wallets, suggesting it was not limited to a single wallet or user.
* The attacker was able to gain access to private keys, likely through a vulnerability in the wallet software or infrastructure.
* The hack occurred on-chain, meaning the attacker exploited a flaw in the Bittensor blockchain protocol itself.
**Impact and Response:**
* The attack caused significant disruption, prompting the Bittensor team to halt all transactions as a precaution.
* The team prioritized investigating the root cause and securing the network over regular development work for at least a week.
* Putting the network in "safe mode" for 24+ hours suggests the team needed time to assess the damage, secure the network, and develop a plan to restore normal operations.
**Potential Causes:**
* A vulnerability in the wallet software or infrastructure that allowed private key theft.
* A bug in the Bittensor blockchain protocol that enabled unauthorized access to wallets.
* Potential insider threat or social engineering attack to gain access to private keys.
**Lessons Learned:**
* The need for robust security practices, regular audits, and bug bounty programs to identify and fix vulnerabilities.
* Importance of secure key storage and management to prevent private key exposure.
* Value of network monitoring and incident response plans to quickly detect and mitigate attacks.
* Challenges of restoring trust and reputation after a major hack.
Overall, the Bittensor hack highlights the security risks and potential consequences of vulnerabilities in blockchain projects. Thorough security practices and incident response planning are critical to protect users and maintain network integrity.
**Detail:**
The path below is likely the wheel file for the malicious version of 6.12.2:
http-v2/e/2/d/9/3/e2d9300f3cc49f3a1fb8287437fc254b3ad20ba1b1f2f1cfdd934808
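A defender's check for the version named above, as an added example that is not part of the original page: it sweeps a directory tree of Python environments and reports any installed distribution whose metadata says version 6.12.2. The distribution name `bittensor` is an assumption, and the sample tree in `demo()` is constructed.

```python
import re
import tempfile
from email.parser import HeaderParser
from pathlib import Path

# Assumption: the PyPI distribution name is "bittensor"; 6.12.2 is the
# version the page identifies as malicious.
SUSPECT_NAME = "bittensor"
SUSPECT_VERSION = "6.12.2"


def normalize(name):
    """PEP 503 name normalization, so 'Bittensor' matches 'bittensor'."""
    return re.sub(r"[-_.]+", "-", name).strip().lower()


def find_suspect_installs(root):
    """Return dist-info directories under root whose METADATA names the suspect release."""
    hits = []
    for meta in Path(root).rglob("METADATA"):
        if not meta.parent.name.endswith(".dist-info"):
            continue
        try:
            text = meta.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue  # unreadable environment: skip rather than abort the sweep
        headers = HeaderParser().parsestr(text)
        name = normalize(headers.get("Name") or "")
        version = (headers.get("Version") or "").strip()
        if name == SUSPECT_NAME and version == SUSPECT_VERSION:
            hits.append(str(meta.parent))
    return sorted(hits)


def demo():
    """Run the sweep over a constructed tree of three fake environments."""
    sample = {  # constructed sample data, not real installs
        "env_a/site-packages/bittensor-6.12.2.dist-info": ("bittensor", "6.12.2"),
        "env_b/site-packages/bittensor-6.12.1.dist-info": ("bittensor", "6.12.1"),
        "env_c/site-packages/otherpkg-6.12.2.dist-info": ("otherpkg", "6.12.2"),
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, (name, version) in sample.items():
            d = Path(tmp, rel)
            d.mkdir(parents=True)
            d.joinpath("METADATA").write_text(
                f"Metadata-Version: 2.1\nName: {name}\nVersion: {version}\n")
        return [Path(h).relative_to(tmp).as_posix() for h in find_suspect_installs(tmp)]


if __name__ == "__main__":
    print(demo())
```

Point `find_suspect_installs` at the parent directory of your virtual environments or a system `site-packages` path; a hit means that environment should be treated as exposed and any keys it handled reviewed.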