Gala Games, an Ethereum-based play-to-earn gaming company, is trying to calm investors after an apparent multi-billion exploit of its native token GALA triggered an over 20% drop in its value Thursday. According to the company, the attack was a self-inflicted security measure.
Blockchain security company PeckShield flagged that a single wallet address appeared to mint over US$2 billion worth of GALA tokens unexpectedly on Friday, raising fears of a cyberattack.
However, pNetwork, which provides cross-chain support for decentralized finance (Defi) and gaming tokens such as GALA, soon claimed it was behind the ordeal. Cross-chain bridges are decentralized applications that enable the transfer of assets from one blockchain to another.
“We noticed pGALA [GALA tokens transacted through the pNetwork] wasn’t to be considered safe anymore and coordinated the white hat attack to prevent pGALA from being maliciously exploited,” said the pNetwork on Twitter. The network explained the issue was due to a “misconfiguration of the p.Network bridge,” specifically, a “PancakeSwap pool,” which let users swap pGALA tokens with tokens from the Binance Smart Chain (BSC).
This year is on track to be the biggest year ever for crypto hacks, with cross-chain bridges accounting for over half of the stolen funds, according to Blockchain analytics firm Chainalysis.
See related article: Crypto hackers on track for bonanza year as theft surges, Chainalysis says
“All GALA tokens on Ethereum as well as the underlying bridge collateral are SAFE,” pNetwork said. “For the time being, please consider the existing PancakeSwap pool to be invalid.”
pNetwork will launch a new pGALA token to replace those who had funds in the drained pool. Within two hours of the suspicious token creation, the price of GALA dropped over 20%. The price has since recovered after pNetwork’s announcements, with GALA now down only 12% to about US$0.03 over 24 hours.
On Twitter, Gala Games reshared pNetwork’s statements and said the network was “not hacked, breached, or exploited in any way.” But some Twitter users have voiced skepticism about pNetwork’s telling of the story.
Had a hacker successfully completed an exploit, they may have been able to apply for a maximum bounty of US$1,000,000 for exposing the flaw, according to pNetwork’s site.
Last month, the perpetrator of a US$9.1 million hack of the decentralized protocol Moola Market returned stolen funds for an undisclosed ransom.
See related article: Moola Market DeFi hacker returns US$9 mln in stolen funds for bounty