Fun

Io.net responds to GPU metadata attack

News Feed - 2024-04-28 08:04:50

Amaka Nwaokocha12 hours agoIo.net responds to GPU metadata attackThe founder of Io.net will host a livestream on April 28 to demonstrate live cluster creation and calm fear, uncertainty and doubt.11193 Total views4 Total sharesNewsOwn this piece of crypto historyCollect this article as NFTJoin us on social networksIo.net, a decentralized physical infrastructure network (DePIN), recently experienced a cybersecurity breach. Malicious users exploited exposed user ID tokens to execute a system query language (SQL) injection attack, which led to unauthorized changes in device metadata within the graphics processing unit (GPU) network.


Husky.io, Io.net’s chief security officer, responded promptly with remedial actions and security upgrades to protect the network. Fortunately, the attack did not compromise the GPUs’ actual hardware, which remains secure due to robust permission layers.


The breach was detected during a surge in write operations to the GPU metadata application programming interface (API), triggering alerts at 1:05 am Pacific Standard Time on April 25.


In response, security measures were reinforced by implementing SQL injection checks on APIs and enhancing the logging of unauthorized attempts. Additionally, a user-specific authentication solution using Auth0 with OKTA was swiftly deployed to address vulnerabilities related to universal authorization tokens.Source: Hushky.io


Unfortunately, this security update coincided with a snapshot of the rewards program, exacerbating an expected decrease in supply-side participants. Consequently, legitimate GPUs that did not restart and update could not access the uptime API, causing a significant drop in active GPU connections from 600,000 to 10,000.


To address these challenges, Ignition Rewards Season 2 has been initiated in May to encourage supply-side participation. Ongoing efforts include collaborating with suppliers to upgrade, restart, and reconnect devices to the network.


The breach stemmed from vulnerabilities introduced while implementing a proof-of-work mechanism to identify counterfeit GPUs. Aggressive security patches before the incident prompted an escalation in attack methods, necessitating continuous security reviews and improvements.


Related:AI has a hardware crisis: Here’s how decentralized cloud can fix it


The attackers exploited a vulnerability in an API to display content in the input/output explorer, inadvertently revealing user IDs when searching by device IDs. Malicious actors compiled this leaked information into a database weeks before the breach.


The attackers leveraged a valid universal authentication token to access the “worker-API,” enabling changes to device metadata without requiring user-level authentication.


Husky.io emphasized ongoing thorough reviews and penetration tests on public endpoints to detect and neutralize threats early. Despite challenges, efforts are underway to incentivize supply-side participation and restore network connections, ensuring the platform’s integrity while serving tens of thousands of compute hours per month.


Io.net planned to integrate Apple silicon chip hardware in March to enhance its artificial intelligence and machine learning services.


Magazine:Real AI use cases in crypto: Crypto-based AI markets, and AI financial analysis# Blockchain# Cryptocurrencies# Security# HacksAdd reaction

News Feed

Liquidator of Defunct South African Crypto Exchange Says He Found a 54 BTC Discrepancy in Ice3’s Accounts
Liquidator of Defunct South African Crypto Exchange Says He Found a 54 BTC Discrepancy in Ice3"s Accounts A court-appointed liquidator, Dewald Breytenbach of National Liquidators,
Botswana Does Not Have Regulatory Framework for Crypto — Central Bank
Botswana Does Not Have Regulatory Framework for Crypto — Central Bank The Bank of Botswana (BOB) has said the country does not have a specific legal or regulatory framework perta
Guneet Kaur13 hours agoWhat is generative AI?Generative AI leverages large data sets and sophisticated models to mimic human creativity and produce new images, music, text and more.775 Total viewsListen to article 0:00Ov
Facebook Owner Meta Files Trademark Applications for ‘Meta Pay’ Covering Crypto Services
Facebook Owner Meta Files Trademark Applications for "Meta Pay" Covering Crypto Services Meta Platforms Inc., formerly Facebook, has filed five trademark applications for “M
Bitcoin Open Interest Crashes By $4.5 Billion In One Weekend, Spells Doom For Bulls
Este artículo también está disponible en español. Bitcoin open interestcrashed by billions in one weekend, painting a bearish outlook for the flagship crypto and spells d
American Panic Led to the Creation and Expansion of the Corrupt Federal Reserve System
American Panic Led to the Creation and Expansion of the Corrupt Federal Reserve SystemThe Federal Reserve System was created after the “Panic of 1907” and ever since its
German Ramirez5 hours agoThe secret to successful branding in Web3: The science of choosingOne more thing: It is not an art or magic. There is a science to branding.244 Total viewsListen to article 0:00Innovation CircleJ
5,000 Bitcoin ATMs Add Cash-Out Option: Libertyx Sees Strong Adoption
5,000 Bitcoin ATMs Add Cash-Out Option: Libertyx Sees Strong Adoption Libertyx has added a cash-out option to its 5,000 bitcoin ATMs. The CEO says this addition
Meta History Museum Raised Over $1,000,000, Releases New NFT Collection in Support of Ukraine
Meta History Museum Raised Over $1,000,000, Releases New NFT Collection in Support of Ukraine The META HISTORY project team created Ukraine’s first NFT war museum one month
Winner of Canadian Lottery Jackpot Says Impostors Using His Name to Steal Bitcoins
Winner of Canadian Lottery Jackpot Says Impostors Using His Name to Steal Bitcoins The winner of the Canadian lottery, Scott Gurney, has confirmed that scammers impersonating him o
A Deeper Look Into The Pirate Bay’s Mysterious ‘Piratetoken’ Soft Launch
A Deeper Look Into The Pirate Bay"s Mysterious "Piratetoken" Soft Launch In mid-May, the popular and perhaps the largest torrent tracker on the internet, The Pir
Report: Hong Kong-Based Asset Management Firm Acquires Controlling Stake in Asian Crypto Exchange Huobi
Report: Hong Kong-Based Asset Management Firm Acquires Controlling Stake in Asian Crypto Exchange Huobi Li Lin’s controlling stake in Huobi, one of Asia’s largest cry