Bittensor Proposes 10% TAO Burn to Recover from $8 Million Exploit

Major Exploit Rocks Bittensor: $8 Million in TAO Tokens Stolen

Bittensor, a decentralized AI network, faced a significant exploit on July 2, 2024, resulting in the loss of $8 million worth of TAO tokens, equivalent to 32,000 TAO, according to blockchain investigator ZachXBT. This breach occurred due to a leaked private key, which allowed the attacker to drain assets from users' wallets. 

The incident began at 7:06 P.M. UTC, with the funds being transferred out swiftly. By 7:25 P.M. UTC, abnormal transfer volumes were detected, prompting the creation of a war room. Within 15 minutes, validators were placed behind a firewall, and safe mode was activated to prevent nodes from connecting to the chain, effectively neutralizing the attack by 7:41 P.M. UTC.

The root cause was identified as a malicious package in the PyPi Package Manager, version 6.12.2, masquerading as a legitimate Bittensor package. This package contained code designed to steal unencrypted coldkey details and send them to a remote server controlled by the attacker. 

The Bittensor team quickly confirmed the incident and put the chain in "safe mode," allowing only block production while halting all transactions. Regular software updates were postponed until the chain could be fully restored. Co-founder Ala Shaabana assured that the attack had been contained and that the team was investigating all possibilities. Despite the exploit, some validators, such as RoundTable 21, reported their delegators' funds remained secure. 

The immediate consequence was a 15% drop in the price of TAO, hitting a six-month low of $227 before slightly rebounding to $240, then falling again due to the bearish market sentiment at the time of writing. 

In response to the attack, Bittensor's developers paused all blockchain transactions to investigate and mitigate the issue. The OpenTensor Foundation (OTF) proposed burning 10% of the TAO supply to stabilize the token's price and restore confidence, with users invited to vote on the proposal. 

This sparked a community debate on the decentralization claims of Bittensor, with critics arguing that the ability to halt the chain contradicted decentralization principles, while supporters deemed it necessary for asset protection.

The OTF outlined a recovery plan to gradually resume normal operations, with regular updates to the community. Users were advised to create new wallets and transfer their funds once normal operations resumed. Upgrading to the latest version of Bittensor was strongly recommended. 

To prevent future exploits, Bittensor plans to implement enhanced package verification processes, increase the frequency of security audits, adopt best practices in public security policies, and improve monitoring and logging of package uploads and downloads. These measures aim to bolster the security infrastructure and restore confidence in the TAO ecosystem.