Io.net CEO Ahmad Shadid recently revealed details of the Sybil attack on the network, highlighting the measures the company has taken to enhance security.
According to Shadid’s investigation published on social media, the attackers exploited security vulnerabilities to spoof GPU availability and receive rewards from the Solana-based decentralized computing network.
Lessons learned from the latest attack
After the April 27 attack on Sybil was detected, the Io.net team conducted a thorough analysis to understand how the attackers managed to exploit the network. The incident began when an unexpected spike in GPU connections was noticed, with some 1.8 million fake GP Us attempting to connect to the network.
“Over the past 120 hours, we have been working to exclude sybil attackers from the network, implement a number of security fixes and introduce a new security model to prevent future incidents,” – Shadid said. “During this time, I worked very closely with the team.”
The attackers exploited a vulnerability that allowed them to mimic the signals sent by the original GPUs, thus fooling the network into recognizing them as legitimate. “Like many startups, we act quickly and sometimes we mess things up,” – Shadid stated. “In this case, something broke and someone or some group tried to take advantage of it.”
Shadid noted that Io.net saw exponential growth in GPU connections after launching its fundraising and incentive program in March. But the rapid growth overwhelmed their infrastructure, leaving the team unprepared and unable to detect basic security vulnerabilities.
“This attack was a painful lesson for me,” the CEO said. “I apologize to the community for allowing this to happen. “Most of the criticism we have received is reasonable and our team is taking a calm approach to it.”
Implementing increased security and transparency measures
The company is actively implementing a series of measures to strengthen network security and restore trust.
First, Io.net is increasing the transparency of its user interface. The network now displays three key indicators on its dashboard: the total number of connected GPUs/processors, verified GPUs/processors that have passed Proof of Work, etc.
The technology team is also committed to transparency and will soon publish a list of known issues to keep the public informed, including current bugs and necessary updates. Finally, the business team is coordinating the relaunch of the network, which prioritizes strengthening vendor relationships and quickly restoring the network’s operational capability.