io.net Fights Back Against Dangerous GPU Metadata Attack

banner-image

io.net, a decentralized physical infrastructure network (DePIN), recently suffered a breach on its network as malicious users exploited a vulnerability to execute a system query language (SQL) injection attack.

This allowed for unauthorized alterations to the metadata of devices within io.net’s graphics processing unit (GPU) network. Malicious attacks in the crypto space are a way of raising revenue for some countries.

Immediate Response and Security Measures

In an X post acknowledging the breach, Husky.io, the chief security officer of Io.net, detailed measures taken to prevent a future attack. The security chief assured members of the community that the attack did not compromise the actual hardware of the GPUs, which remained secure due to robust permission layers.  

The breach was detected on April 25 at 1:05 am Pacific Standard Time, when a surge in write operations to the GPU metadata application programming interface (API) triggered alerts.

In a swift response, io.net implemented multiple security measures, including SQL injection checks on APIs to prevent further unauthorized changes and enhanced logging of unauthorized attempts to monitor potential threats.

The security team also deployed a user-specific authentication solution using Auth0 with OKTA to address vulnerabilities related to universal authorization tokens.

Unintended Consequences and io.net’s Recovery Efforts

Although the measures helped contain the breach, Io.net suffered unintended consequences as the security update coincided with a snapshot of the network’s rewards program. This resulted in a significant drop in active GPU connections from 600,000 to 10,000 due to failure of legitimate GPUs that did not restart and update were unable to access the uptime API.

To address these challenges, io.net launched the “Ignition Rewards Season 2” in May to encourage supply-side participation. The initiative aims to boost the number of active GPUs on the network and restore connections. In addition, Io.net is partnering with suppliers to upgrade, restart, and reconnect devices to the network.

According to a recent report, users of Etherscan, suffered losses in funds from a malicious phishing scam advertisement. Developers have consistently sought to strengthen the security protocols of platforms against attack.

Ongoing Security Measures and Future Plans

Husky.io stressed the importance of continuous security reviews and penetration tests on public endpoints to detect and neutralize threats early. Despite the breach, Io.net assures of ongoing efforts to strengthen security while maintaining a reliable and efficient network.

In a recent move, the dYdX community approved the staking of 20 million DYDX tokens, valued at over $61 million, to enhance security measures on the decentralized crypto exchange (DEX). This underscores the importance of secured platforms.

io.net says it plans to integrate Apple silicon chip hardware to enhance its artificial intelligence and machine learning services. This integration is expected to bolster the platform’s capabilities while ensuring a more secure and robust infrastructure.

May 25, 2024

Marathon Digital CEO Fred Thiel is excited to team up with..

May 25, 2024

The Coinbase legal team asserted that the SEC is attempting to..

May 25, 2024

Previously, the Delaware Court of Chancery had dismissed the BitGo case..

ads-image ads-image