On March 20, the GameFi project, Gala Games, advertisement which had recently filed a lawsuit against pNetwork, the cross-chain interoperability bridge used by Gala on the BNB smart chain. Last November, Gala Games was hacked after an unauthorized wallet address minted over $2 billion worth of GALA tokens and sold the tokens on PancakeSwap, draining $4.5 million of the liquidity pool and causing a substantial crash in the GALA token price.
The lawsuit alleges that the incident was the result of “negligence and tortious interference” on the part of pNetwork. On November 7, 2022, blockchain analytics platform SlowMist alleged that the incident may have stemmed from the leak of a text-based private key in one of the three pNetwork-affiliated Gala smart contracts. The leaked private key, according to SlowMist, was publicly viewable on GitHub.
“The lawsuit claims that (i)pNetwork admitted that it mistakenly leaked a governance key when deploying this pGALA bridge, which key was later used by an attacker to breach the pGALA contract on the BNB Chain.”
In a statement to Cointelegraph, a pNetwork representative stated:
“As a pNetwork team, we would like to express our genuine surprise and concern upon hearing the recent announcement by the GALA Games project to sue pNetwork. We would like to clarify that, three months ago, we had already submitted a comprehensive report to the Swiss authorities detailing all the incident”.
The representative said the report included full conversations and relevant documentation, and alleged that the Gala Games team deleted messages in “its role of planning, supporting and communicating the so-called ethical intervention.” pNetwork reiterated: “We have been fully transparent and cooperative with the authorities in this matter, and we strongly believe that the truth will come out.” Shortly after the incident, pNetwork claimed that their activity during the exploit it was an “ethical hacker move”. The claim has been disputed by the Huobi Global cryptocurrency exchange.
Gala Games alleges that the alleged hack caused more than $25 million in damages and is demanding $27.7 million from pNetwork in “breach payments, additional damages, punitive damages, and other compensation.”
“Should the lawsuit move forward, Gala has stated that any damages, less legal fees, will become GALA and burn. Gala is also aware of the harm pNetwork’s actions caused to many other third parties, and invites these other victims to contact the legal team”
In a postmortem analysis dated November 5, 2022, pNetwork stated that the dev team had noticed a “misconfiguration of the pNetwork bridge for the GALA token” and that “ownership of the pGALA smart contract (deployed in BSC) had been covertly taken due to misconfiguration:”
“Loss of ownership over the token’s smart contract opens up the possibility for the attacker to mint new tokens and alter pGALA at will.”
Furthermore, pNetwork wrote:
“Actually, there was no hack by whoever currently retains ownership of that smart contract (henceforth, the ‘attacker’), but the situation revealed a high security risk that needed to be mitigated with readiness”.
Gala also alleged that on November 5, 2022, pNetwork devised a plan to return in full “the BNB assets collected from the pool heist,” but allegedly failed to proceed with the plan in a follow-up on November 11, 2022. In a In a Telegram post, pNetwork said that the first part of its recovery plan involving GALA tokens “has been completed,” but the second part involving BNB tokens “is still on hold.”
“On February 8 we held a first meeting with the Swiss authorities (“Ministero Pubblico” from Lugano, Switzerland) to discuss the incident. The talks are still ongoing and we expect some progress to be made in the coming weeks.”
None of the accusations have been substantiated in court. pNetwork stated that it “will continue to work closely with the Swiss authorities and provide any additional information that is necessary to resolve this matter in the best interest of all parties involved.”
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information presented here should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the entire amount invested may be lost. The services or products offered are not directed or accessible to investors in Spain.