On March 20, GameFi project Gala Games revealed it has recently filed a lawsuit against pNetwork, the cross-chain interoperability bridge Gala uses on the BNB Smart Chain. In November 2022, Gala Games was exploited when an unauthorized wallet address mined over $2 billion in GALA and dumped the tokens on PancakeSwap, depleting $4.5 million from the liquidity pool and causing a steep drop in the price of GALA tokens.
According to the lawsuit, pNetwork’s “negligence and tortious interference” led to the occurrence. The blockchain analytics platform SlowMist asserted on November 7, 2022, that the problem might have been caused by a plain text private key leak in one of three pNetwork-affiliated smart contracts on Gala.
SlowMist reported that the private key had been made publicly viewable on GitHub. A lawsuit was filed revealing that pNetwork had acknowledged the inadvertent leakage of a governance key during the deployment of the pGALA bridge. It was stated in the lawsuit that the leaked key was subsequently exploited by an unknown party to compromise the pGALA contract on the BNB chain.
A spokesperson for pNetwork made a statement regarding the GALA Games Project’s decision to file a lawsuit against them. The representative expressed surprise and concern and clarified that they had already submitted a detailed report to the Swiss authorities three months prior, outlining the entire incident.
It further mentioned that the report included complete conversations and pertinent documentation. They also made an allegation that the Gala Games team had deleted certain messages relevant to their involvement in the planning, support, and communication of the supposed white hat intervention.
pNetwork restated that they had been entirely transparent and compliant with the authorities throughout the incident and expressed confidence that the facts would eventually be revealed. Following the occurrence, pNetwork asserted that their actions during the exploit were carried out as a “white hat move.” However, this statement has been disputed by cryptocurrency exchange Huobi Global.
Gala Games alleges the alleged breach resulted in over $25 million in damages and is suing pNetwork for $27.7 million in out-of-pocket costs related to the breach, further compensation for injuries, punitive penalties, and other relief.
In the event of a favorable outcome in the legal case against pNetwork, Gala has declared that any awarded damages, excluding legal fees, will be converted into $GALA and destroyed. Gala has also acknowledged the harm that pNetwork’s actions caused to several third parties and has encouraged these affected parties to reach out to their legal team.
According to a post-mortem analysis dated November 5, 2022, ownership of the pGALA smart contract on Binance Smart Chain was covertly taken over due to a misconfiguration. Consequently, the attacker could take over the token smart contract, create new tokens, and control pGALA.
Furthermore, it added that no hack was conducted by the smart contract’s current owner, who they called the “attacker.” However, the incident highlighted a significant security risk that required immediate mitigation.
Gala further stated that pNetwork established a plan to fully refund the BNB assets received through the whitehat draining of the pool on November 5, 2022, but failed to implement the plan in a follow-up on November 11, 2022. pNetwork stated in a Telegram post that the first phase of its recovery plan involving GALA tokens “has been completed,” but the second phase involving BNB tokens “is still on hold.”
The pNetwork stated that the team initially met with the Swiss authorities, specifically the “Ministero Pubblico” in Lugano, Switzerland, on February 8 to address the incident. The discussion is ongoing, and the team anticipates progress in the following weeks.
In a court of law, none of the charges have been proven. PNetwork indicated that it would continue to work closely with Swiss authorities and offer any additional information required to address this matter in the best interests of all parties.