White Hat Attack Sees Creators Of pNetwork Bridge Steal $4.3M From PancakeSwap

Zinger Key Points
  • More than $4.3 million worth of tokens that pNetwork bridge had issued on its bridge were drained in a 'white hack' attack.
  • The team claims to have found a misconfiguration in the smart contract for the token.

In a “white hack” attack, Pgala (pegged gala) tokens worth $4.3 million were taken ethically by the creators of pNetwork, an independent cross-chain bridge technology used to transfer assets across various chains.

On-chain analysis by security company BlockSec detected a "misconfiguration" in the token's smart contract today, which led to the discovery of the attack.

By "draining" pgala tokens locked in PancakeSwap pools, the creators of pNetwork had attempted to front-run any harmful hackers.

See Also: JPMorgan Executes First DeFi Transaction For Singapore's Project Guardian

These tokens are a 1:1 tokenized representation of the gala tokens used in the play-to-earn initiative Gala Games and were created by pNetwork itself.

When users use the pNetwork bridge to transfer gala tokens from its native chain, Ethereum ETH/USD, to the Binance BNB/USD Chain, the tokens are issued.

Anyone can mint tokenized gala (pgala) by using the pNetwork to lock their assets, including gala tokens, as collateral in the bridge contract.

The pNetwork team maintains the pgala tokens through smart contracts, and they can be sold on decentralized BNB Chain exchanges like PancakeSwap.

Configuration Error Could Have Been Exploited By Hackers

The team had found a configuration error that might be exploited by anyone to steal from the pgala smart contract.

The contract needed to be promptly patched and redeployed as a result. The redeployment of pGala was necessary due to a misconfiguration of the pNetwork bridge.

In order to protect the value of the gala tokens trapped in the bridge contract, it further stated that it had to drain the token in liquidity pools before redeploying the token contract.

The pNetwork developers created billions of pgala tokens out of thin air and traded them to BNB tokens in order to drain pgala liquidity on PancakeSwap.

Due to its privileged access from the contract, the team was able to mint these tokens.

“Our investigation shows that pNetwork had a privileged address and could mint the token. This address minted lots of tokens. As explained by pNetwork, the reason they minted and sold such a large number of pNetwork, is because they intentionally drained the pool to deploy a new pGala contract,” BlockSec stated.

55 Billion Gala Tokens Exchanged For 12,976 BNB Tokens

In multiple transactions, an address that is now thought to be pNetwork team issued 55 billion gala tokens and exchanged them for more than 12,976 BNB tokens worth around $4.3 million, according to on-chain data provided by security company Beosin.

PNetwork stated that all gala tokens on Ethereum as well as the underlying bridge collateral were secure.

It also said that it will, after taking a snapshot of user positions in the PancakeSwap pool, compensate user addresses for pgala and BNB in proportion to their positions.

Next: What The Fed's Latest Interest Rate Hike Means For The Crypto World

CLICK HERE to be part of Benzinga's Future of Crypto, Dec. 7 in New York. It will be the biggest day of the year for crypto enthusiasts, entrepreneurs, investors and networkers to discover the #1 crypto ideas you can use today — directly from hundreds of industry insiders and dozens of project creators.

Market News and Data brought to you by Benzinga APIs
Comments
Loading...
Posted In: CryptocurrencyNewsMarketsTechBinanceBlockchainlayer 1 blockchainwhite hat attack
Benzinga simplifies the market for smarter investing

Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.

Join Now: Free!