Bittensor's Response to Recent Attack: Enhanced Security Measures and Path Forward

Understanding the Attack

On May 22, 2023, during a chain upgrade to allow subnet owners to reduce their take from 18% to 9%, a malicious package was injected into the Bittensor PyPi repository. This occurred due to a gap between the chain upgrade and the corresponding package update, creating a window of vulnerability.

The compromised package was available for download between May 22 and May 29, potentially affecting users who installed or updated Bittensor during this period. The full extent of the impact remained unclear until July 2, when a significant movement of funds was detected.

Immediate Response

Upon discovery of the attack, the Bittensor team took decisive action:

1. Manifold Labs detected and reported the suspicious fund movements within 25 minutes.
2. The Toats team quickly reached out to exchanges, managing to lock a substantial portion of the compromised funds.
3. The chain was put into "safe mode" and firewalled to prevent further unauthorized transactions.

These rapid responses helped mitigate the impact of the attack and protect users' funds to the extent possible.

Enhanced Security Measures

In response to this incident, Bittensor is implementing a series of enhanced security measures:

1. Cold Key Swap Function: A new "scheduled cold key swap" function will be introduced, allowing users to securely move funds from at-risk wallets to new, secure wallets.
2. Proof of Work Mechanism: To prevent spam and Sybil attacks, the cold key swap function will require a proof of work, with difficulty increasing exponentially for multiple submissions.
3. Arbitration Process: In cases where both a user and a potential attacker attempt to swap the same key, an arbitration process involving the Bittensor Senate will be implemented.
4. Community Audit Program: Bittensor is exploring the implementation of a community audit program, leveraging the expertise within its user base to identify potential vulnerabilities.
5. ISO Compliance: The team is working towards strict ISO compliance for PyPi packages, automatic key rotation, and CI-based abstraction.
6. Multi-signature Keys: Future developments will include native multi-signature key support in the BTC wallet.
7. Air-gapped Transactions: Plans are in place to implement air-gapped transaction signing using QR codes or files for enhanced security.

Reopening the Chain: A Phased Approach

Bittensor has outlined a careful, phased approach to reopening the chain:

1. July 8, 2 PM EST: The firewall will be lifted, allowing users to view the chain state. Weight setting will be enabled, but most other functions will remain in safe mode.
2. July 8-11: Users can use the scheduled cold key swap function to move funds from potentially compromised wallets.
3. July 11, 2 PM EST: The first scheduled swaps will execute, and the chain will return to normal operation.

This phased approach aims to provide users with a secure window to protect their funds while minimizing the risk of further attacks.

Governance and Arbitration

In cases where key ownership is contested, Bittensor will implement an on-chain voting system leveraging the Senate. This process will help resolve disputes and ensure that funds are returned to their rightful owners.

The arbitration process will involve:

1. Creation of a unique proposal for each contested cold key
2. Senate voting on the legitimate owner
3. Continuous availability of proposals for review and voting

This system not only addresses the immediate need for dispute resolution but also serves as a stepping stone towards more robust on-chain governance for Bittensor.

Long-term Vision and Decentralization

Looking ahead, Bittensor is committed to using this incident as a catalyst for positive change. Key goals include:

1. Fully decentralizing chain nodes by the end of 2025
2. Transitioning control of the Bittensor Python package to a more decentralized, open-source process
3. Implementing on-chain governance through the Senate, subnet owners, and contributors across the stack

These objectives align with Bittensor's vision of becoming a more secure, decentralized, and community-driven network.

Community Involvement and Support

The Bittensor team has emphasized the crucial role of community involvement in the recovery and improvement process. They are exploring several initiatives to foster this engagement:

1. Bounty Programs: Implementing white hat bounty programs to incentivize security research and responsible disclosure of vulnerabilities.
2. Validator Program: Funding core Bittensor developers through a dedicated validator program.
3. Open Communication: Maintaining transparent communication channels to keep the community informed and involved in decision-making processes.
4. Community Audits: Encouraging and facilitating community-led code audits to leverage the collective expertise of the Bittensor ecosystem.

Lessons Learned and Future Precautions

This security incident has highlighted several areas for improvement in Bittensor's development and deployment processes:

1. Synchronous Updates: Ensuring that chain upgrades and corresponding package updates occur simultaneously to eliminate vulnerability windows.
2. Access Control: Implementing stricter access controls and key management practices for critical operations like package uploads.
3. Regular Security Audits: Committing to more frequent and comprehensive security audits, both internal and external.
4. Improved Monitoring: Enhancing real-time monitoring systems to detect and respond to suspicious activities more quickly.

Conclusion

While the recent security breach has presented significant challenges, the Bittensor team and community have demonstrated resilience and a commitment to improvement. The comprehensive response plan, including enhanced security measures and a phased reopening of the chain, showcases the project's dedication to protecting its users and strengthening the network.

As Bittensor moves forward, the focus on decentralization, community involvement, and robust security practices positions the project for long-term success. The incident, while unfortunate, has catalyzed important improvements that will benefit the entire Bittensor ecosystem in the future.

Users are encouraged to stay informed about the upcoming cold key swap process and to participate actively in the community's ongoing efforts to enhance network security and governance. With continued collaboration between the development team and the user base, Bittensor is poised to emerge from this challenge stronger and more resilient than ever.

Source : @Opentensor Foundation