PNetwork bridge drains over $4.3 million in tokens that it had issued on its bridge

pNetwork bridge drain $4.3 million from PancakeSwap in 'white hat' attack

According to on-chain analysis by security firm BlockSec, the “white hat” exploit was carried out today after the team claimed to have discovered a “misconfiguration” in the token’s smart contract.

The pNetwork developers attempted to outrun any malicious hackers by “draining” pgala tokens stored in PancakeSwap pools.

These pNetwork-issued tokens are a 1:1 tokenized version of the gala tokens used in the play-to-earn project Gala Games.

The tokens are issued whenever users bridge gala tokens from Ethereum’s original chain to the BNB Chain using the pNetwork bridge.

Anyone can use pNetwork to lock their assets as collateral in the bridge contract, including gala tokens, and mint tokenized gala, also known as pgala.

The pgala tokens are managed by the pNetwork team through smart contracts and can be traded on decentralized exchanges (DEXs) on the BNB Chain.

The team announced today that it had discovered a bug that could allow anyone to steal from the pgala smart contract. As a result, the contract had to be patched and redeployed as soon as possible.

1/n pGALA on BSC Notice: A misconfiguration of the https://t.co/Tpj4G7IkUe bridge necessitated the redeployment of pGALA. We’re working directly w/the Gala team and w/ exchanges to provide the necessary pGALA balances to restore functionality of pGALA deposits & withdrawals.
— pNetwork 🦜 (@pNetworkDeFi) November 3, 2022

It went on to say that before it could redeploy the token contract, it had to drain the token in liquidity pools and perform a white hat attack to protect the value of gala tokens locked in the bridge contract.

The pNetwork developers created billions of pgala tokens out of thin air and swapped them for BNB tokens to drain pgala liquidity on PancakeSwap. Because of the contract’s privileged access, the team was able to mint these tokens.

On-chain data provided by security firm Beosin revealed that an address, now believed to be the pNetwork team, minted 55 billion gala tokens and exchanged them for over 12,976 BNB tokens worth approximately $4.3 million in multiple transactions.

https://twitter.com/BeosinAlert/status/1588376895078694913

PNetwork clarified that all gala tokens on Ethereum, as well as the underlying bridge collateral, were safe, and that it intends to reimburse pgala and BNB to user addresses in proportion to their PancakeSwap pool positions after taking a snapshot of their positions.

5/n All GALA tokens on Ethereum as well as the underlying bridge collateral are SAFE.
— pNetwork 🦜 (@pNetworkDeFi) November 3, 2022

Gala Games responded to the incident, claiming that its token was “not hacked, breached, or exploited in any way,” and directing users to pNetwork’s posts about white hat activity. Nonetheless, the incident created havoc in the gala token market.

Reminder: $GALA was not hacked, breached, or exploited in any way.

Please see this thread from @pNetworkDeFi, the creator of $pGALA and the pNetwork Bridge.https://t.co/CqoD0xp0Hg
— Gala Games (@GoGalaGames) November 4, 2022

TagsBlockchain Crypto DeFi Hacker

Roland Guirdonan

Roland is a Public Relations & Communications guru with an immense passion for the blockchain and crypto industry. A fusion of his expertise and passion led to the dawn of Optimisus in 2020.