Io.net, a decentralized physical infrastructure network (DePIN), recently experienced a cybersecurity breach. Attackers took advantage of exposed user identity data to carry out a Structured Query Language (SQL) injection attack, leading to unauthorized changes to device metadata within its graphics processing unit (GPU) network.
Insights from a Prominent Figure
Husky, the security chief of Io.net, promptly responded to the incident with remedial actions and security upgrades to protect the network. The attack did not compromise the GPU hardware itself, which remained protected by robust permission layers. It was detected when an increase in write operations to the GPU metadata API triggered alerts on the morning of April 25.
In response, security measures were strengthened by implementing SQL checks in the application programming interfaces (APIs) and improving the logging of unauthorized attempts. Additionally, a user-specific authentication solution using Okta and Auth0 was quickly deployed to address vulnerabilities in the universal authorization process.
This security update coincided with a snapshot of the reward program, which worsened the expected decrease in participants on the supply side. As a result, legitimate GPUs that had not been restarted and updated could not access the runtime API, leading to a sharp drop from 600,000 to 10,000 active GPU connections.
Details of the Attack
The breach stemmed from security vulnerabilities that emerged while a proof of work (PoW) mechanism was being applied to identify fake GPUs. Aggressive security patches applied before the incident were followed by a rise in new attack methods, necessitating ongoing security reviews and improvements.
Attackers exploited a flaw in the API used to view content in the input and output explorer, which inadvertently exposed user identities when searching by device identifiers. Malicious actors had compiled this leaked information into a database weeks before the breach.
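As an added illustration (not code from Io.net or from the article), the Python below models the controls described above: a device-metadata update that can be subverted through the device identifier, beside a hardened version that validates the identifier, binds it with a parameterized query and logs rejected attempts, plus a simple write-rate check of the kind that raised the alert. The table, identifier format, log and thresholds are constructed assumptions.

```python
import re
import sqlite3

# Constructed in-memory stand-in for a GPU metadata table; not Io.net's real schema.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE devices (device_id TEXT PRIMARY KEY, owner TEXT, status TEXT)")
    db.executemany("INSERT INTO devices VALUES (?, ?, ?)",
                   [("gpu-0001", "alice", "online"), ("gpu-0002", "bob", "online")])
    db.commit()
    return db

def update_status_vulnerable(db, device_id, status):
    # The query is assembled by string formatting, so the caller-supplied device_id
    # becomes part of the SQL itself and can rewrite the WHERE clause.
    sql = f"UPDATE devices SET status = '{status}' WHERE device_id = '{device_id}'"
    cur = db.execute(sql)
    db.commit()
    return cur.rowcount  # rows actually modified

# Assumed identifier format for this example; the real format is not given in the article.
DEVICE_ID_RE = re.compile(r"^gpu-[0-9]{4}$")
REJECTED = []  # stands in for the unauthorized-attempt log the article mentions

def update_status_hardened(db, device_id, status):
    # Two independent layers: reject identifiers that do not match the expected
    # shape (and record the attempt), and bind values with a parameterized query
    # so the database never interprets them as SQL.
    if not DEVICE_ID_RE.fullmatch(device_id):
        REJECTED.append(f"rejected metadata write, device_id={device_id!r}")
        return 0
    cur = db.execute("UPDATE devices SET status = ? WHERE device_id = ?", (status, device_id))
    db.commit()
    return cur.rowcount

def metadata_write_spike(events, window_s, threshold):
    # events: (unix_seconds, http_method) per metadata-API call, in time order.
    # Returns True when more than `threshold` write calls fall inside any
    # window_s-second window, the kind of signal the article says raised the alert.
    writes = [t for t, m in events if m in ("PUT", "POST", "PATCH")]
    lo = 0
    for hi, t in enumerate(writes):
        while writes[lo] < t - window_s:
            lo += 1
        if hi - lo + 1 > threshold:
            return True
    return False
```

With the crafted identifier the vulnerable path modifies every row, while the hardened path modifies none and records the attempt.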
Husky emphasized that comprehensive reviews and penetration tests of public endpoints are ongoing to detect and neutralize threats early. Despite the setbacks, efforts continue to encourage participation on the supply side, rebuild network connections, ensure platform integrity, and serve tens of thousands of computing hours per month.