Io.net, a decentralized physical infrastructure network (DePIN), recently experienced a cybersecurity incident involving a structured query language (SQL) injection attack. The attack resulted in the exploitations of leaked user ID tokens and unauthorized alterations of device metadata on the graphics processing unit (GPU) network.
However, Io.net’s security lead Husky.io responded swiftly with security patches and upgrades to safeguard the network. Fortunately, the physical hardware of the GPUs remained unharmed due to robust permissioning layers.
The breach was detected during a spike in write operations to the GPU Metadata application programming interface (API), triggering an alert at 1:05 AM PST on April 25.
In response, security measures were enhanced by implementing SQL injection checks on the API and increasing logging of unauthorized attempts. Additionally, a user-specific authentication solution using Auth0 with OKTA was swiftly deployed to address vulnerabilities related to shared authorization tokens.
Unfortunately, this security update coincided with a scheduled Airdrop snapshot, exacerbating an anticipated dip in user participation.
The attackers exploited a vulnerability in the API to display content within the input/output explorer, inadvertently exposing user IDs when searching by device ID. Malicious actors had been compiling this leaked information in a database for several weeks prior to the breach.
The attackers leveraged valid shared authentication tokens to access the “worker API,” enabling them to alter device metadata without requiring user-level authentication.
To bolster Io.net’s security posture, plans to integrate Apple silicon chip hardware were moved forward in March.
