In a “white hack” attack, Pgala (pegged gala) tokens worth $4.3 million were taken ethically by the creators of pNetwork, an independent cross-chain bridge technology used to transfer assets across various chains.
On-chain analysis by security company BlockSec detected a "misconfiguration" in the token's smart contract today, which led to the discovery of the attack.
By "draining" pgala tokens locked in PancakeSwap pools, the creators of pNetwork had attempted to front-run any harmful hackers.
See Also: JPMorgan Executes First DeFi Transaction For Singapore's Project Guardian
These tokens are a 1:1 tokenized representation of the gala tokens used in the play-to-earn initiative Gala Games and were created by pNetwork itself.
When users use the pNetwork bridge to transfer gala tokens from its native chain, Ethereum ETH/USD, to the Binance BNB/USD Chain, the tokens are issued.
Anyone can mint tokenized gala (pgala) by using the pNetwork to lock their assets, including gala tokens, as collateral in the bridge contract.
The pNetwork team maintains the pgala tokens through smart contracts, and they can be sold on decentralized BNB Chain exchanges like PancakeSwap.
Configuration Error Could Have Been Exploited By Hackers
The team had found a configuration error that might be exploited by anyone to steal from the pgala smart contract.
The contract needed to be promptly patched and redeployed as a result. The redeployment of pGala was necessary due to a misconfiguration of the pNetwork bridge.
In order to protect the value of the gala tokens trapped in the bridge contract, it further stated that it had to drain the token in liquidity pools before redeploying the token contract.
The pNetwork developers created billions of pgala tokens out of thin air and traded them to BNB tokens in order to drain pgala liquidity on PancakeSwap.
Due to its privileged access from the contract, the team was able to mint these tokens.
“Our investigation shows that pNetwork had a privileged address and could mint the token. This address minted lots of tokens. As explained by pNetwork, the reason they minted and sold such a large number of pNetwork, is because they intentionally drained the pool to deploy a new pGala contract,” BlockSec stated.
55 Billion Gala Tokens Exchanged For 12,976 BNB Tokens
In multiple transactions, an address that is now thought to be pNetwork team issued 55 billion gala tokens and exchanged them for more than 12,976 BNB tokens worth around $4.3 million, according to on-chain data provided by security company Beosin.
PNetwork stated that all gala tokens on Ethereum as well as the underlying bridge collateral were secure.
It also said that it will, after taking a snapshot of user positions in the PancakeSwap pool, compensate user addresses for pgala and BNB in proportion to their positions.
Next: What The Fed's Latest Interest Rate Hike Means For The Crypto World
CLICK HERE to be part of Benzinga's Future of Crypto, Dec. 7 in New York. It will be the biggest day of the year for crypto enthusiasts, entrepreneurs, investors and networkers to discover the #1 crypto ideas you can use today — directly from hundreds of industry insiders and dozens of project creators.
© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.
