Wow, what a week! Starting with the launch of Spider Tanks, and ending in a perfect storm of unfortunate circumstances and FUD, capped off by the release of the GALA 2023 Vision. You can see some on Spider Tanks and GALA 2023 below.
Now, with the videos out of the way, on to the meat of the issue surrounding pGALA and pNetwork. This is our only official statement on this issue.
The whole saga started when we were put in touch with pNetwork by a partner at a major exchange in mid-2021. pNetwork said they were going to create a bridge for GALA over to BNB Chain. Given that this is the decentralized future, there really wasn’t anything we could do to stop them, so they went ahead and built the bridge. Ironically, the bridge isn’t the issue here. While the last few months have been filled with breaches and bridge drains, that isn’t what happened here.
When Thomas Bertani of pNetwork reached out to us on Thursday, he informed us that the contract on BNB Chain had been breached but not yet exploited. The breach had occurred because pNetwork engineers had mistakenly left a key in the contract and they had been used to change one of the control addresses. According to Bertani, this breach actually happened 67 days ago but had never been exploited. Essentially, the BNB Chain contract was a loaded bomb that could go off at any time if the malicious actor decided to exploit the contract. If there was any sign that the breach had been discovered, Bertani thought it likely that the malicious actor would swing into action, minting unlimited pGALA on the pNetwork pGALA contract.
Bertani presented us with a plan to deactivate the bridge and then whitehat exploit their own contract. They asked us to contact exchanges and alert them to immediately suspend deposits and withdrawals of all pGALA. We reached out to all exchanges we have contact with and informed them of the situation, asking them to suspend the BEP-20 pGALA. Most did so, but unfortunately not everyone. Additionally, as we typically do not attempt to promote tokens directly, we are not in contact with the vast majority of exchanges that list $GALA, let alone BEP-20 $pGALA on BNB Chain. We also contacted PancakeSwap and asked them to put a warning on the trading pair alerting people not to use it.
With this knowledge, pNetwork enacted their plan to drain the liquidity pool in order to give it back to the users upon redeployment of the new secured contract. Unfortunately, in this case, many users (and likely many bots) attempted to take advantage of the perceived arbitrage difference between the price of pGALA on PancakeSwap and the price of the ERC-20 GALA on exchanges. Some exchanges that had not stopped their deposits before this event ended up receiving large amounts of pGALA on BNB Chain, which impacts them and other major players in the market.
Within all of this, there is good news and bad news.
The good news is that the ERC-20 GALA is fundamentally untouched and none of this had anything to do with contracts managed, maintained, or deployed by Gala. Anyone who holds ERC-20 GALA isn’t exposed to this whole pNetwork incident at all. Additionally, according to pNetwork, the pNetwork GALA:pGALA bridge is also sound and the collateral is still there. According to their public statements, anyone who held pGALA before they began their whitehat operation will receive the new pGALA once the bridge is restored, which can then be bridged out for the original GALA.
The bad news is that there is still a LOT of pGALA out there. This isn’t our token, but we are sensitive to the concerns of the community of users who were stuck holding pGALA. We are currently investigating ways we can contribute to others’ efforts in this area. It isn’t our token or our mistake, but we want to act in the best interest of the community.
Decentralization can be a scary thing, and this incident shows how something fundamentally unrelated to one token can potentially impact others. In this industry, we are all in this together, and it is up to all of us to hold together.
At Gala, we believe in a better future, and we are working to build it with the community, one gamer, listener, and watcher at a time.