Halborn Logo

// Blog

Explained: Hacks

Explained: The Bittensor Hack (July 2024)


profile

Rob Behnke

July 8th, 2024


In July 2024, Bittensor users were the victims of an $8 million hack. The attacker distributed malicious code that, when executed on their computers, stole users’ private keys.

Inside the Attack

The Bittensor hack was an example of a supply chain hack using PyPI. PyPI is a site that hosts packages for the Python programming language. Many legitimate Python packages are distributed via PyPI, which makes it easy for developers to import advanced functionality into their Python code.

Anyone can distribute packages via PyPI, which creates the potential for malicious code to be distributed using names that look like legitimate projects. However, in this case, the malicious file was uploaded as version 6.12.2 of the official Bittensor code, indicating that the attacker must have gained access to the Bittensor PyPI account or injected malicious code into the Bittensor codebase before it was uploaded as version 6.12.2.

The Bittensor hack affected users who downloaded and used version 6.12.2 of the code. Once it was imported, the malware looked for actions such as adding/removing stake, transferring wallets, delegating/undelegating or setting take for root, or registering a subnet. These operations require access to the user’s coldkey, and, once it was decrypted, the malware could steal it.

With access to users’ coldkeys, the attacker could drain value from their wallets. In total, an estimated $8 million was stolen from Bittensor users.

After discovering the incident, the Bittensor team froze their blockchain to prevent further thefts. It also removed the malicious package from PyPI and performed an audit of its code on GitHub to identify that no additional malicious functionality was added to the codebase. Long term, the team also plans to take steps to prevent similar incidents from occurring in the future.

Lessons Learned from the Attack

The Bittensor code is a classic example of a software supply chain attack. Bittensor distributes code to users, who trust that code to be legitimate. The attacker managed to insert malicious functionality into seemingly legitimate code, allowing them to install it on many users' computers and steal crypto from them.


Preventing incidents like these requires a strong DevSecOps program that manages code security throughout its lifecycle. This includes restricting access to software repositories, auditing code before release, and controlling access to package managers like PyPI. For help in protecting your project against similar supply chain threats, get in touch with Halborn.