Bittensor proposes to destroy 10% of the TAO token supply in order to stabilize the token price

ChainCatcher reports that the OpenTensor Foundation (OTF) has initiated a proposal vote to destroy 10% of Bittensor's (TAO) supply in order to stabilize the token price, responding to recent vulnerabilities that have led to token losses.

Furthermore, regarding the root cause of the attack, OTF stated that it traced back to version 6.12.2 of PyPi package manager where a malicious package was uploaded compromising user security. This malicious package disguised as a legitimate Bittensor package contained code for stealing unencrypted cold private key details. When users downloaded this package and decrypted their cold private keys, the decrypted bytecode would be sent to a remote server controlled by attackers.

As for mitigation measures, OTF team has removed the malicious version 6.12.2 from PyPi's library and is meticulously reviewing Subtensor and Bittensor codes on Github ensuring no other attack vectors exist; so far no other vulnerabilities have been found but they will continue thoroughly reviewing and assessing their codebase against all possible attack vectors.

OTF pointed out that this attack did not affect blockchain or Subtensor codes; underlying Bittensor protocol remains intact and secure. Once code review is completed, Opentensor will gradually resume normal operations of Bittensor blockchain allowing transactions flow again.

Previously reported by ChainCatcher about an on-chain wallet attack incident targeting Bittensor: Blockchain detective ZachXBT detected theft from an address starting with 5FbWTr - approximately 32 thousand TAO tokens were stolen worth $8 million.