Recently, the AI+DEPIN track's star project, io.net, suffered a hacker attack. Hackers were able to access the io.net metadata API without authorization, using the accessible mapping from user IDs to device IDs to change the names and online statuses of multiple machines. Some community users had discovered and reported this security vulnerability a month prior, but it was not addressed. Fortunately, this attack only affected the user front-end metadata and did not involve GPU access permissions or user data.

The API of io.net lacked proper authentication measures, allowing hackers to modify device information through simple HTTP requests. This attack exposed shortcomings in io.net's data interface security. Although this incident did not directly compromise users' sensitive personal data, it revealed related issues in its system. In response to this event, io.net accelerated the deployment of zero-trust authentication (OKTA) at the device level. Additionally, io.net has introduced Auth0 Tokens for user verification to prevent unauthorized metadata changes.

As a result of this incident, the number of active GPU connections in the io.net network drastically fell from 600,000 to 10,000. The entire crypto community has also expressed concerns about the security and availability of decentralized computing power platforms. This event has exposed security vulnerabilities that undermine user trust in similar platforms.

Distributed Super Computing (DSC) believes that the foundation of a decentralized network is not only innovative technology but also user trust. Therefore, we aim to prevent such security vulnerabilities through rigorous security measures and more transparent community communication.

Proactive Security Measures by DSC

In response to the community, and to reaffirm our commitment to our community, we wish to emphasize our existing and ongoing security strategies:

• Multi-Layer Defense System: The DSC platform employs a comprehensive security architecture to fend off external intrusions and internal threats. This includes firewalls, intrusion detection systems, and regular security audits.

• Zero Trust Authentication: DSC has implemented a zero-trust security model to ensure strict authentication protocols are in place across all devices and users on our network.

• Real-Time Monitoring and Incident Response: A robust team of cybersecurity professionals monitors our network 24/7 for any suspicious activity. Immediate actions are taken to mitigate and rectify any intrusions that occur.

• Community Engagement and Transparency: We maintain open communication channels with the community, encouraging users to report any potential security vulnerabilities. Our team of security experts takes these reports seriously and addresses them swiftly.

Additional Measures in Light of Concerns Similar to Those of Io.net

On top of our existing security infrastructure, DSC is also introducing additional measures:

• Advanced User Authentication: Similar to the Auth0 Token system deployed by io.net, we are implementing a more robust user verification process to further prevent unauthorized metadata changes.

• Device Authentication: We are strengthening the linkage between user IDs and device IDs to ensure that only verified devices can connect to our network.

• Enhanced Protection of User Data: DSC is committed to protecting personal user data. Our systems are designed to ensure that any sensitive personal information cannot be accessed or altered in the event of an API attack.

Rebuilding Community Confidence in the Decentralized Computing Power Market

Not only does the DSC project enhance technical security measures and increase communication transparency, but it also advocates and initiates a series of industry activities, taking on the responsibility of reshaping community and user trust. Below are the upcoming activities by DSC aimed at building a more robust cooperation network and enhancing the security and trust of the entire decentralized computing market.

• Initiating an Industry Security Alliance and Expanding Partnerships: DSC is actively expanding partnerships upstream and downstream, committed to building a stronger cooperation network. As a cultivator in the industry, DSC has extensive experience in providing decentralized computing power services to various sectors and is keen on sharing experiences in security protection and industry construction.

• Establishing a Security Assurance Fund: DSC plans to set up a dedicated security assurance fund, which will be used to reward community members actively involved in security maintenance, purchase security services provided by partners, and compensate and repair potential security vulnerabilities. This initiative reflects DSC's proactive approach to security issues and our commitment to continued investment in security.

• Hosting a White Hat Hacker Program: To further strengthen security defenses, DSC will host a white hat hacker competition. We encourage security researchers and white hat hackers to actively seek any technical vulnerabilities during the platform's beta testing period and offer bounties for successfully reported bugs. Such challenges not only effectively identify and repair vulnerabilities but also promote participation and innovation in the security community.

DSC is committed to establishing a reliable and secure platform benchmark, providing a safer, more transparent, and assured environment for users and partners. The incident with io.net may have shaken many people's confidence in the decentralized computing power industry, but it has only strengthened DSC's commitment to security and trust. These are not just technical issues but fundamental issues that affect every stakeholder in the decentralized computing space. With the rollout of various security measures and increased communication between the industry and the community, DSC not only hopes to restore but also enhance the trust and confidence of users.

Follow us：