The information provided on Inside Bitcoins is for educational and informational purposes only and should not be considered financial, investment, or trading advice. Cryptocurrency markets are highly volatile, and investing in digital assets carries significant risk. No profits are guaranteed, and you may lose some or all of your investment. Always invest responsibly and only with funds you can afford to lose.
ZackXBT, a renowned on-chain crypto and non-fungible token sleuth, has successfully tracked the infamous suspects of the Bitttensor hack attack. Bittensor suffered an attack on July 04, 2024, that left more than $28 million stolen. The on-chain sleuth ZackXBT has linked the hack attack to a former Bittensor employee. In this article, we shall explore his investigation in more detail.
In an October 15 blog post, ZackXBT confirmed that he has successfully tracked and revealed the perpetrators behind the $28 million Bittensor hack. Bittensor is an open-source, decentralized protocol that creates a global marketplace for artificial intelligence using a blockchain network to incentivize collaborative machine learning. It uses a native cryptocurrency, TAO, to reward participants who contribute valuable AI models and computational power.
Between May and July 2024, 32 $TAO holders experienced unauthorized transfers totaling over $28 million. The Bittensor breach occurred via a compromised PyPi package manager, which allowed attackers to steal unencrypted cold key details. PyPI is a site that hosts packages for the Python programming language. Python packages are distributed via PyPI, which makes it easy for developers to import advanced functionality into their Python code.
The hackers uploaded a malicious file version 6.12.2 of the official Bittensor code, indicating that the attacker must have gained access to the Bittensor PyPI account or injected malicious code into the Bittensor codebase before it was uploaded as version 6.12.2. The Bittensor hack affected users who downloaded and used version 6.12.2 of the code. The incident left users with over $28 million in losses.
In his deep investigation, the on-chain sleuth ‘ZackXBT’ has found that the attackers carried out the theft through a malicious PyPi supply chain attack, then transferred the stolen funds through Bittensor’s native bridge to Ethereum. The hackers have transferred approximately $4.94 million between multiple addresses to the privacy protocol Railgun, ultimately converting it to Monero.
Moreover, criminals have funneled approximately $100,000 of the stolen funds into anime NFTs, exploiting the complexity of NFT transactions to obscure their trail. Before summarizing his defense, ZackXBT noted that it’s extremely rare to see exploits or hacks involve NFT wash trading, and I think the relationship between each address is just too coincidental, given how they were funded before NFT purchases and traded multiple times above the floor price for the collection.
ZackXBT has linked the hack to ‘Rusty’ on X (formerly Twitter), a former Opentensor engineer, deploying an NFT presale that accepted funds from the hack. It’s worth noting that a civil lawsuit was filed against multiple suspects based on these findings earlier this year. Hopefully, law enforcement will eventually move forward with this criminal case now that the evidence has been found.
Read more on InsideBitcoins.com
