According to on-chain analysis by security firm BlockSec, the “white hat” exploit was carried out today after the team claimed to have discovered a “misconfiguration” in the token’s smart contract.
The pNetwork developers attempted to outrun any malicious hackers by “draining” pgala tokens stored in PancakeSwap pools.
These pNetwork-issued tokens are a 1:1 tokenized version of the gala tokens used in the play-to-earn project Gala Games.
The tokens are issued whenever users bridge gala tokens from Ethereum’s original chain to the BNB Chain using the pNetwork bridge.
Anyone can use pNetwork to lock their assets as collateral in the bridge contract, including gala tokens, and mint tokenized gala, also known as pgala.
The pgala tokens are managed by the pNetwork team through smart contracts and can be traded on decentralized exchanges (DEXs) on the BNB Chain.
The team announced today that it had discovered a bug that could allow anyone to steal from the pgala smart contract. As a result, the contract had to be patched and redeployed as soon as possible.
It went on to say that before it could redeploy the token contract, it had to drain the token in liquidity pools and perform a white hat attack to protect the value of gala tokens locked in the bridge contract.
The pNetwork developers created billions of pgala tokens out of thin air and swapped them for BNB tokens to drain pgala liquidity on PancakeSwap. Because of the contract’s privileged access, the team was able to mint these tokens.
On-chain data provided by security firm Beosin revealed that an address, now believed to be the pNetwork team, minted 55 billion gala tokens and exchanged them for over 12,976 BNB tokens worth approximately $4.3 million in multiple transactions.
PNetwork clarified that all gala tokens on Ethereum, as well as the underlying bridge collateral, were safe, and that it intends to reimburse pgala and BNB to user addresses in proportion to their PancakeSwap pool positions after taking a snapshot of their positions.
Gala Games responded to the incident, claiming that its token was “not hacked, breached, or exploited in any way,” and directing users to pNetwork’s posts about white hat activity. Nonetheless, the incident created havoc in the gala token market.