In a report on Thursday, Bittensor (TAO) revealed that a malicious PYPi package disguised as an authentic Bittensor package caused its $8 million network breach. Following the report, TAO is down over 3%, stretching its weekly losses to about 20%.
The Opentensor Foundation, the organization behind decentralized protocol Bittensor, released a report that unveiled the cause of its network's attack on Tuesday.
The report stated that the security flaw that resulted in an $8 million breach on Bittensor wallets originated from a malevolent upload masquerading as a legitimate Bittensor package, opening the door for a heist on the network.
The attack started around 7:06 PM. UTC on Tuesday, with the attacker shipping money from the compromised Bittensor wallets and transferring it to their own.
At 7:26 PM, the Opentensor Foundation discovered the anomaly and suspended all transactions by putting the network validators in "safe mode" behind a firewall to prevent further exposure to the attack.
Upon nullification of the attack, the team discovered the victims of the attack to be participants who either used or downloaded the Bittensor PYPi Package Manager 6.12.2 between May 22 and May 29. Users who staked, stored their funds during the process, or used a third-party application may have been affected.
Following the report, Bittensor's native token TAO is down more than 3% in the past 24 hours, stretching its weekly losses to 20%.
TAO has been declining for over a month, shedding more than 40% of its value in the process. The recent security breach could strengthen bearish sentiment surrounding TAO, leading to potential further price declines.