Cointelegraph reported a cybersecurity breach on Io.net, a decentralized physical infrastructure network (DePIN). Malicious users exploited user ID tokens to conduct a SQL injection attack that altered device metadata within the GPU network unauthorizedly.
Husky.io, the chief security officer of Io.net, quickly took remedial steps and implemented security upgrades to safeguard the network. Fortunately, the attackers did not compromise the actual hardware of the GPUs due to strong permission layers.
The breach was discovered when there was a surge in write operations to the GPU metadata API, setting off alerts at 1:05 am Pacific Standard Time on April 25.
To counter this breach, security measures were enhanced by adding SQL injection checks on APIs and improving the logging of unauthorized tries. Furthermore, a user-specific authentication solution using Auth0 with OKTA was swiftly rolled out to address vulnerabilities linked to universal authorization tokens.
However, this security update coincided with a snapshot of the rewards program, leading to a dip in supply-side participants. Consequently, legitimate GPUs that did not go through a restart and update could not access the uptime API, causing a significant decrease in active GPU connections.
To tackle these issues, Ignition Rewards Season 2 was launched in May to encourage participation from the supply side. Continuous efforts are underway together with suppliers to upgrade, restart, and reconnect devices to the network.
The breach originated from vulnerabilities introduced during the implementation of a proof-of-work mechanism to identify counterfeit GPUs. Strong security measures prior to the incident prompted an increase in attack methods, necessitating ongoing security assessments and enhancements.
The attackers took advantage of an API vulnerability to reveal user IDs unintentionally when searching by device IDs in the input/output explorer. They compiled this leaked data into a database weeks before the breach.
Exploiting a valid universal authentication token, the attackers accessed the "worker-API" and changed device metadata without the need for user-level authentication.
Husky.io stressed the importance of continuous comprehensive reviews and penetration tests on public endpoints to identify and eliminate threats early. Despite challenges, steps are being taken to motivate participation from the supply side and restore network connections, ensuring the platform's integrity while delivering tens of thousands of compute hours monthly.
