Garrett Oetken: Bittensor SDK Hack, Opentensor Foundation, Cybersecurity, Patrol Subnet 81 | Ep. 40

This episode unpacks the aftermath of a major Bittensor SDK hack, revealing how former OpenTensor CTO Garrett Oetken is now building Patrol (Subnet 81), a decentralized intelligence agency designed to bolster security and trust within the Crypto AI ecosystem.

Garrett Oetken's Role at the OpenTensor Foundation (OTF)

Garrett Oetken details his former position as Chief Technology Officer (CTO) at the OpenTensor Foundation (OTF). His focus was largely behind the scenes, aligning internal teams and preparing the BitTensor network for self-sustainability. This involved fostering the ecosystem, improving tools and chain reliability, and paving the way for key decentralization features like Dynamic TAO (DTAO).

Roadblocks to BitTensor Self-Sustainability

• Garrett identifies subnet governance as the number one challenge facing the BitTensor ecosystem post-DTAO.
• While DTAO reduced the need for the "oligarchic" structure of the original root network validators vetting subnets, it surfaced a persistent tension:
  • How should validators respond when a subnet owner abuses parameters?
  • How should subnet owners defend against validators attempting hostile takeovers?
• Garrett notes this two-sided problem requires finding a balance in governance within subnets, where ownership is shared yet centrally directed, a debate currently active in the community.

Key Contributions at OTF - Commit Reveal

• Garrett highlights the development of "Commit Reveal" as a significant technical achievement during his time at OTF.
  • Problem: Validators could copy weight settings from others ("weight copying") to earn rewards without contributing compute, threatening the ecosystem.
  • Solution: Commit Reveal introduced a delay mechanism. Validators commit their weights, but these are only revealed on-chain later (e.g., after an epoch). This ensures copiers are always behind, reducing their effectiveness.
  • Garrett emphasizes this seemingly subtle feature solved a major problem without requiring subnet owners to change code. He notes, "That's something that kind of defines I guess a little bit of the difference between working inside the foundation versus working on a subnet... we were tackling problems like that in the foundation about how do you keep the network as a whole intact?" This illustrates OTF's focus on core network integrity and tooling (like the SDK and CLI) improvements.

The Bittensor SDK Hack Explained

• Garrett provides a detailed account of the BitTensor SDK exploit that occurred roughly 10-11 months prior to the recording.
  • Mechanism: An attacker compromised an upload key for PyPI (the Python Package Index). During a ~2-hour delay between a GitHub release (v6.12.2) and the PyPI upload (caused by a chain upgrade), the attacker uploaded a malicious version to PyPI.
  • Malware: This version contained code that decrypted users' wallet keys (if used via the SDK) and sent them to an attacker-controlled website.
  • Impact: Millions of dollars worth of TAO were stolen.
  • Affected Users: Primarily those who installed the specific PyPI version 6.12.2 (not the GitHub version) and used their wallet via the SDK. This typically included validators or miners updating dependencies for a subnet, rather than average users.

Patrol's Genesis - Responding to the Hack

• The SDK hack directly inspired the creation of Patrol (Subnet 81). Garrett, along with Paul (former CIO of OpenTensor, now at Tensora with Garrett), was heavily involved in the hack response.
  • They found the post-attack investigation (identifying perpetrators, recovering funds) extremely difficult and time-consuming, requiring external expertise.
  • Patrol was conceived as a way to leverage BitTensor itself to streamline this process. It aims to function as a "decentralized intelligence agency" or "decentralized Palantir."
  • Core Idea: Build a relational graph correlating wallets, social media accounts, code repositories, etc., allowing investigators to map connections around a suspect wallet in seconds, work that previously took days or weeks manually. This shifts the focus from purely reactive to proactive security intelligence.

Leveraging AI and Cybersecurity Expertise

• Garrett explains how his and Paul's prior experience uniquely positioned them to tackle this security challenge.
  • They co-founded a previous AI cybersecurity startup.
  • Novel Technique: They used computer vision to analyze executable code (interpreted as multi-dimensional point clouds) to detect malware patterns invisible to humans. Garrett notes, "AI was definitely not new to the cyber security space but it was certainly abnormal to use computer vision as a way to solve for that."
  • This allowed them to find novel malware and zero-days faster than conventional methods. This deep background at the intersection of AI and security informed their approach at OTF and the design of Patrol.

Patrol as BitTensor's Intelligence Agency

• Garrett confirms the "intelligence agency" framing is accurate for Patrol's ultimate vision, though its current focus is exclusively on the BitTensor chain.
  • Roadmap: Start with BitTensor ("our own backyard") and expand to encompass broader open-source intelligence (OSINT), including other blockchains and publicly available data sources.
  • OSINT Definition: Open-Source Intelligence refers to intelligence collected from publicly available sources. Patrol aims to gather and correlate this public data, not private information.
  • "This really is just a first step and and ultimately yes what you're describing as this kind of intelligence agency of Bit Tensor I think is very accurate as far as what patrol is going to be," Garrett states, outlining the ambitious long-term scope.

How Patrol Miners Operate

• Miners on Patrol (Subnet 81) are tasked with constructing a large-scale relational graph.
  • Mechanism: They return data structured as nodes (e.g., wallets) and edges (relationships like transactions, staking, parent-child links).
  • Functionality: This allows users querying the subnet to instantly see all wallets connected to a target wallet and the nature of those connections within BitTensor.
  • Future State: As data sources expand (other chains, Twitter mentions, GitHub activity, cross-chain bridge transactions), querying a single wallet could reveal a vast network of related entities and activities across different platforms.

Expanding Data Sources and Miner Flexibility

• Expanding Patrol's data coverage involves technical and strategic considerations.
  • Validation Challenge: Verifying miner contributions is crucial. On-chain data is easily verifiable, making it the easiest to onboard first. Correlating off-chain data (like social media activity) is harder to validate definitively.
  • Rollout Strategy: Data sources will be added progressively, balancing ease of verification with intelligence value.
  • Miner Specialization: Miners will have the flexibility to focus on specific data types or correlations (e.g., linking Twitter to BitTensor wallets vs. analyzing Ethereum transactions) rather than needing to cover everything. This allows miners to leverage their specific strengths and resources.

The Challenge of Correlating Off-Chain Data

• Garrett distinguishes between simple data scraping (e.g., finding wallet address mentions on Twitter - "low-hanging fruit") and more complex, valuable analysis.
  • Event Correlation: This involves identifying relationships based on behavior patterns, even without direct on-chain links (e.g., correlating wallet transactions with proximate social media activity). This requires looking for correlations with "dotted lines."
  • AI's Role: AI models can potentially identify non-intuitive behavioral patterns linking accounts or wallets that humans might miss.
  • Miner Innovation: This complex correlation task is where miners can significantly innovate, potentially developing solutions beyond the subnet owners' initial designs. Garrett notes miners are already outperforming his own expectations on Patrol.

Addressing Privacy Tools and Validation Complexity

• Patrol faces challenges from privacy-enhancing techniques and the need for robust validation.
  • Centralized Exchanges (CEXs): Tracking funds through CEXs is difficult without direct partnerships (often involving law enforcement). Patrol's open-source approach focuses on analytical methods like event correlation – trying to match behavioral patterns of funds going in and out of exchanges.
  • Privacy Coins/Mixers: While not explicitly detailed for tools like Tornado Cash, the principle relies on correlating surrounding public data and behavioral patterns, acknowledging it's harder than direct tracing.
  • Validation: The system needs to verify miner contributions accurately, especially as more complex, correlated data sources are added. The mechanism must be robust enough to ensure data integrity while allowing for miner innovation.

The Importance of Subnet Partnerships

• Garrett advocates strongly for inter-subnet collaboration on BitTensor.
  • Efficiency: Subnets represent specific problem spaces; partnering avoids redundant effort ("reinventing the wheel").
  • Compounding Innovation: Patrol could utilize data or analysis from other subnets (e.g., a data acquisition subnet or an analysis model subnet) as input for its miners. This creates pipelines where subnets build upon each other, accelerating innovation across the ecosystem.

Tensora's Role and Miner Collaboration

• Garrett highlights the crucial role of Tensora, an experienced mining group, in developing Patrol.
  • Benefit: Miners possess deep knowledge of how to exploit subnet incentive mechanisms. Involving them early allows developers to identify and patch potential exploits before launch.
  • "Nobody knows how to exploit a subnet like a minor does," Garrett states, emphasizing their value in stress-testing the system.
  • Recommendation: He advises all subnet builders to either foster their own mining community or work closely with existing ones to build more robust and secure subnets by getting honest, critical feedback.

Transition from Public (OTF) to Private Sector (Patrol)

• The move from OTF CTO to working on a specific subnet within the private BitTensor ecosystem felt natural for Garrett, following a path taken by other OTF alumni.
  • Mental Shift: The primary adjustment was shifting focus from the network's overall health ("what's best for everybody") to the success of their specific subnet and business ("how do I win this competition").
  • He acknowledges the need to balance this competitive drive with the broader ecosystem perspective gained at OTF, maintaining a relationship and providing feedback.

New Perspectives on BitTensor Development

• Being a subnet owner provides Garrett with newfound clarity on the BitTensor protocol's strengths and weaknesses from a user's perspective.
  • Feedback Loop: Encountering problems or limitations directly informs feedback to OTF about necessary protocol changes or features.
  • Practical Insights: This "in the trenches" experience allows for precise identification of what works, what's broken, and what features would be most beneficial for developers and users on the network.

Reflections on Dynamic Tao (DTAO) Launch

• Garrett views the DTAO launch as a "massive success" so far.
  • Positive Outcomes: The launch itself was relatively smooth, and it has generally resulted in "good subnets" achieving top slots and higher emissions.
  • Ongoing Work: He reiterates that subnet governance remains an area needing further attention and that the ecosystem is continuously evolving as participants learn the "game."

The Subnet Governance Dilemma Revisited

• Garrett elaborates on the complexities of subnet governance and ownership.
  • Owner Removal: While discussed at OTF, allowing validators to easily oust a subnet owner is dangerous due to the potential for hostile takeovers.
  • Validator Power: He points to the Subnet 28 incident (where OTF and validators coordinated to replace a "joke subnet's" validation code) as a positive example of validator governance power but also highlights the potential negative flip side.
  • Current State: The owner retains the slot but has limited power, facing the risk of their subnet token value collapsing. Governance remains partially community-driven.
  • Improvement Area: He suggests a protocol-based mechanism for transferring or selling subnet slots would be beneficial, as many deals currently happen off-chain ("backend deals"), especially for acquiring slots below the potentially high registration fee.

Role of the Tow.com Validator

• The validator operated by tow.com (formerly the X / BitTensor Guru validator, a top network validator) serves multiple purposes.
  • Patrol Integration: It acts as an entry point for Patrol's future API services, routing user queries to the subnet miners.
  • Primary Goal: Its main function is to support the upcoming tow.com product, the details of which were not elaborated upon.

Patrol's Long-Term Vision and Success Metrics

• Patrol's overarching goal is to be the "decentralized intelligence agency" for crypto, enhancing trust.
  • Core Problem: Addressing the lack of trust that hinders investment and development in crypto ecosystems like BitTensor.
  • Function: Building on-chain reputations (potentially anonymous but risk-profiled) to signal trustworthiness.
  • Measurable Goals (12-18 months): Achieve near 100% data coverage for the top 5-10 blockchains with block-by-block refresh rates, and integrate major social media data sources. Success is ultimately tied to fostering greater trust and, consequently, investment in the ecosystem.

Addressing Surveillance and Privacy Concerns

• Garrett directly addresses potential concerns about Patrol enabling surveillance.
  • Data Scope: Patrol exclusively uses Open-Source Intelligence (OSINT). "We're operating on open source intel so any data we collect is available for the public to consume," he clarifies. The goal is correlating public data, not accessing private information.
  • Decentralization Benefit: The intelligence graph is distributed across hundreds of miners, not held centrally. This makes it open, transparent, resistant to single points of failure or control, and less prone to the biases of a central entity. He argues this leads to higher quality, more objective intelligence.

Stance on Social Credit Scores and Mission Focus

• Garrett explicitly distances Patrol from applications like social credit scoring.
  • Mission: The focus remains strictly on security and trust – preventing theft, tracing illicit funds, and understanding fund flows to build confidence.
  • Scope Limitation: Patrol does not aim to "opine on the actions of individuals or the opinions of individuals." This aligns with Tensora's culture and Patrol's specific security-oriented mission.

Offense vs. Defense - Hiding vs. Tracking Crypto

• When asked which is harder, hiding funds or tracking them, Garrett offers a nuanced view:
  • Hiding: Generally easier if the person knows what they are doing. Techniques exist to obscure trails.
  • Tracking: Very difficult, requiring specialized skills, especially against sophisticated actors using CEXs, mixers, or privacy coins.
  • The Catch: Many people think they are hiding effectively but make mistakes. Patrol aims to capitalize on these mistakes by meticulously correlating the available public data.

Final Security Advice - Key Management

• Garrett's primary security advice for users is fundamental yet crucial:
  • Meticulous Key Management: Know where your private keys are at all times and minimize their exposure.
  • Best Practices: Use cold storage (hardware wallets like Ledger, or paper backups securely stored) whenever possible. Avoid keeping large amounts accessible in "hot" wallets connected to the internet.
  • Segregation: Separate funds into hot wallets (for daily use, smaller amounts) and cold wallets (for long-term holdings, "nest egg"). He stresses that overlooking these basics for convenience is a common vulnerability.

This discussion underscores the critical interplay between security, trust, and the viability of decentralized AI networks; investors and researchers should closely track initiatives like Patrol, as their success directly impacts ecosystem risk, stability, and the practical adoption of technologies built on BitTensor.