Gala Games faced an exploit that could have potentially brought hackers several billion dollars.
Gala Games is a company that deals with play-to-earn format games. The company is quite young, it was founded in 2021 by Eric Schiermeyer and his team. Gala Games creates games itself, and also attracts third-party developers to participate in the project. The company's goal is to first make good play–to-earn games, and then a means of earning money.
“We believe the blockchain should be invisible in our games. We use simple game mechanics that all players can enjoy, whether or not they consider themselves to be blockchain pros. <…> Players get to truly own what they win in our games. If you earn or win a magical sword on the Gala Game Platform, it is yours.”
The company also has its own nodes ecosystem, users who participate can help the project.
“Everything within the Gala Games Network depends on the player-owned Node Ecosystem. The Gala Network is supported by users, just like you, who operate Gala Nodes from their home computers.”
Gala Games also has its own token – GALA. And also, there is a pGALA token, which is used in a bridge between GALA and BNB Chain. This was the cause for recent tensions developing.
pNetwork is a company which sets up cross-chain bridges and Gala Games partnered with them last year. pNetwork has been involved in creating a bridge between GALA and BNB Chain but, as it turned out, the problem was not in the bridge but in the BNB Chain contract - there was a gap in it, which no one had exploited yet. Thomas Bertani from pNetwork warned Gala Games about this breach.
“The breach had occurred because pNetwork engineers had mistakenly left a key in the contract and they had been used to change one of the control addresses. According to Bertani, this breach actually happened 67 days ago but had never been exploited. Essentially, the BNB Chain contract was a loaded bomb that could go off at any time if the malicious actor decided to exploit the contract. If there was any sign that the breach had been discovered, Bertani thought it likely that the malicious actor would swing into action, minting unlimited pGALA on the pNetwork pGALA contract.”
Gala Games contacted the exchanges and warned them about this breach. Many exchanges have suspended the input and output of pGALA, but unfortunately not all. Gala Games also warned PancakeSwap, and pNetwork developed a plan to deactivate the breach. In essence this meant that white hats hackers would attack their own contract in order to empty the liquidity pool and return user funds after the deployment of a new contract.
But, there was another problem: due to the fact that some exchanges did not suspend the input and output of pGALA, there was a difference between the price of pGALA on PancakeSwap and the price of ERC-20 GALA on exchanges. And with this difference, of course, many users decided to take advantage to benefit. The price of the GALA token against the background of these events first sharply soared by 68% (from $ 0.03591 to $ 0.0469), and then fell for two weeks. The lowest point of the GALA token price was reached on November 10 and amounted to $0.02527.
Gala Games tweeted that they see a lot of FUD (fear, uncertainty and doubt) in the community and reassured their users.
“The good news is that the ERC-20 GALA is fundamentally untouched and none of this had anything to do with contracts managed, maintained, or deployed by Gala. <…> The bad news is that there is still a LOT of pGALA out there. This isn’t our token, but we are sensitive to the concerns of the community of users who were stuck holding pGALA. We are currently investigating ways we can contribute to others’ efforts in this area. It isn’t our token or our mistake, but we want to act in the best interest of the community.”
The method chosen by pNetwork in order to solve the problem is very interesting – to attack their own contract. Probably, it is this action that distinguishes the genuineness of Gala Games and pNetwork from the rest. It's good that everything ended (relatively) well. We wish everyone not to encounter break-ins and continue to observe.