Was it yet another crypto hack? Or was it a “white hat” attempt to make sure a blockchain project is safe from the malicious actors stalking the digital-asset industry?
(Bloomberg) — Was it yet another crypto hack? Or was it a “white hat” attempt to make sure a blockchain project is safe from the malicious actors stalking the digital-asset industry?
Either way, investors in the GALA cryptocurrency were taken for a wild ride on Friday, with the token plunging as much as 30% before recovering, based on aggregate exchange data from CoinGecko. On one crypto exchange, GALA plunged 99% at one point.
Foul play or not, the incident underscores the nervous mood gripping the crypto industry after some $3 billion worth of exploits this year laid bare glaring security gaps. With their money at risk of getting pilfered by hackers, investors are dumping crypto assets at the merest hint of trouble.
Read more: ‘Financial Hacking’ Plagues DeFi in Latest Setback for Crypto
The episode also illustrates the sometimes confounding complexity of crypto projects, involving a “wrapped” version of GALA called pGALA, a “liquidity pool” on a decentralized exchange and a “bridge” — the software protocols that allow tokens to be exchanged across blockchains, and which have become a prime target for hackers.
The trouble started when over $2 billion worth of pGALA tokens appeared to have been created out of thin air on a single blockchain address. The mysterious address then started dumping those tokens on the decentralized exchange PancakeSwap, triggering fears of a hack and setting in motion the market cascade that sent GALA on its rollercoaster ride.
GALA is the native token of the Gala Games, a platform for play-to-earn blockchain games. The “wrapped” version, pGALA, can be thought of as a derivative that allows Gala gamers to exchange coins they earn for other cryptocurrencies.
Arbitrage Opportunity
When the price of pGALA tumbled on PancakeSwap, an arbitrage opportunity arose. Some crypto traders bought it there at rock-bottom prices, then swiftly sold the coin on centralized exchange Huobi, causing the price to crash there too. Because of its link to pGALA, the GALA coin was swept along.
It was then that the backers of pNetwork, the software bridge used to house pGala, added a fresh twist to the story by announcing on Twitter that it had created the fresh tokens as part of a “white hat” operation after discovering a security weakness.
“We noticed pGALA wasn’t to be considered safe anymore and coordinated the white hat attack to prevent pGALA from being maliciously exploited. Funds are safe but users should NOT transfer or buy/sell pGALA on pancakeswap,” pNetwork wrote in another tweet.
Disgruntled traders, meanwhile, took to the social-media platform to voice their discontent.
Yajin Zhou, chief executive of crypto security firm BlockSec, said pNetwork’s version of events is probably accurate — but even so, the initiative could have been better handled.
“Even if this is the truth, they should publicly tell the owners and explain what will happen before minting and selling, otherwise it will cause panic and users will sell their tokens,” Zhou said in an interview over the Telegram chat app.
PNetwork didn’t respond to requests for further comment. It said on its Telegram chat room that a more detailed postmortem will be released later.
GALA was trading at around $0.034 at 10 a.m. in London, down 14% in the past 24 hours, according to CoinGecko.
More stories like this are available on bloomberg.com
©2022 Bloomberg L.P.
