Hack or security measures? Anyway, crypto holders got burned
(Bloomberg) — Was it another crypto hack? Or was it a “white hat” attempt to ensure that a blockchain project is safe from the malicious actors who persecute the digital asset industry?
Regardless, investors in the GALA cryptocurrency were taken for a wild ride on Friday, with the token plunging as much as 30% before recovering, based on aggregate exchange data from CoinGecko. On one crypto exchange, GALA plunged 99% at one point.
Foul play or not, the incident underscores the nervous mood gripping the crypto industry after some $3 billion in exploits this year exposed major security holes. With their money at risk of being stolen by hackers, investors are dumping crypto assets at the slightest hint of trouble.
Read more: ‘Financial hacking’ plagues DeFi in latest setback for Crypto
The episode also illustrates the sometimes confusing complexity of crypto projects, which involve a “wrapped” version of GALA called pGALA, a “liquidity pool” on a decentralized exchange, and a “bridge”—the software protocols that allow tokens to be exchanged across blockchains, and which has become a prime target for hackers.
The problem started when over $2 billion worth of pGALA tokens appeared to have been created out of thin air on a single blockchain address. The mysterious address then began dumping these tokens on the decentralized exchange PancakeSwap, sparking fears of a hack and setting in motion the market cascade that sent GALA on a rollercoaster ride.
GALA is the initial token of Gala Games, a platform for games to earn blockchain games. The “wrapped” version, pGALA, can be considered a derivative that allows Gala players to exchange coins they earn for other cryptocurrencies.
When the price of pGALA fell on PancakeSwap, an arbitrage opportunity appeared. Some crypto traders bought it there at rock-bottom prices, then quickly sold the coin on centralized exchange Huobi, causing the price to crash there as well. Due to the link to pGALA, the GALA coin was swept along.
That’s when backers of pNetwork, the software bridge used to host pGala, added a new twist to the story by announcing on Twitter that it had created the fresh tokens as part of a “white hat” operation after discovering a security weakness.
“We noticed that pGALA was no longer considered safe and coordinated the white hat attack to prevent pGALA from being exploited maliciously. Funds are safe, but users should NOT transfer or buy/sell pGALA on pancake swap,” pNetwork wrote in another tweet.
Disgruntled traders, meanwhile, took to the social media platform to voice their displeasure.
Yajin Zhou, CEO of crypto-security firm BlockSec, said pNetwork’s version of events is likely accurate — but still, the initiative could have been better handled.
“Even if this is the truth, they should publicly tell the owners and explain what will happen before minting and selling, otherwise it will cause panic and users will sell their tokens,” Zhou said in an interview over the Telegram chat app.
PNetwork did not respond to requests for further comment. It said on the Telegram chat room that a more detailed postmortem will be released later.
GALA traded at around $0.034 at 10 in London, down 14% in the last 24 hours, according to CoinGecko.
©2022 Bloomberg LP