Io.net clears uncertainty regarding GPU metadata attack

Cyberattacks on decentralized networks are not uncommon and this time the affected one is Io.net. It has faced a cybersecurity breach recently which affected its GPU metadata. Though the attack took place, there hasn’t been much harm to the network and it remains robust. 

GPU metadata attack on Io.net

Io.net has faced a cybersecurity breach recently. The mentioned DePIN (decentralized physical infrastructure network) faced a breach related to user ID tokens. Some malicious elements were involved in the use of these tokens to execute an SQL injection attack. 

The result of the attack was some unauthorized changes in the device metadata. The affected area was the GPU’s network’s metadata. Though the unauthorized changes took place, these didn’t go unheeded. As soon as the chief security officer of the network Hushky.io became aware of the changes, they responded to it.

The CSO shared details regarding the remedial actions which included some security upgrades. Furthermore, they cleared uncertainty regarding further harm as the damage has been controlled timely. As per the available information from the Io.net security team, the GPU’s actual hardware hasn’t been affected.

There are multiple robust layers of security in place for the mentioned DePIN. These security layers ensure that the GPU hardware isn’t affected by any unauthorized changes. The security team was alerted at 1:05 AM Pacific Standard Time as there was a surge in write operations to the API. 

Uncertainty and subsequent fears regarding the security

The security team responded with the implementation of SQL injection and the logging of unauthorized change attempts. Furthermore, a specific OKTA and Auth0 solution were deployed to address the problems. These changes took place in order to address the vulnerabilities related to the universal tokens. 

The unfortunate fact about these changes is the coincidence with the rewards program. As a result of the implementation of the security update, the supply-side participants decreased. Furthermore, the number of active GPU connections decreased from 0.6 million to 0.1 million. 

In order to tackle the problem, Io.net has announced Ignition Rewards Season 2 in May. This rewards program will encourage supply-side participation. Also, the developers have planned including collaboration with suppliers to upgrade and restart the devices to be connected. 

The breach took place as the result of the implementation of the POW mechanism to ensure that counterfeit GPUs are identified in time. The attacks escalated after the aggressive security patches caused concern and later resulted in the breach. 

Response to the metadata attack

The vulnerability has resulted in revealing user IDs. These malicious actors had compiled the leaked info in a database before the breach took place. Hushky.io, the CSO of Io.net, has responded to the metadata attack. 

So – we fucked up.

On 4/25/24 user(s) were able to use previously exposed user ID tokens to perform a SQL injection attack and mess with device metadata.

To prevent this in the future, we accelerated a deployment of auth zero authentication (OKTA) at the device level, which… https://t.co/PXdthHMU81

— hushky.io (@0xHushky) April 28, 2024

Hushky.io has expressed hopes regarding security and further improvements. They shared an update regarding the ongoing reviews and penetration results. As result of new changes threats can be detected and neutralized in a timely manner. Furthermore, efforts are ongoing to restore the platform’s integrity through incentives and foolproof security. 

Io.net also has plans to integrate to Apple silicon chip hardware in order to improve AI and ML services. 

Conclusion

Io.net has recently faced a cyber attack recently which was countered in time. The security breach was aimed at affecting GPUs but they have remained safe due to the robust security layers. Furthermore, the CSO has announced that a livestream will take place on 28 April to show the robustness of the network.