ChainCatcher news, the blockchain gaming platform Gala Games announced that it is suing pNetwork on behalf of pGala victims. Gala Games stated that pNetwork caused further damage due to negligence leading to security vulnerabilities and intentionally executing a failed recovery plan, which negatively impacted the market's perception of Gala and the GALA Token, harmed Gala's reputation, and damaged Gala's relationships with trading platforms.As a result, Gala is claiming $27,671,934.80 from pNetwork for self-paid expenses incurred due to breach of contract, additional damages, punitive damages, and other fees that the court deems just and fair. (Source link)

ChainCatcher news, Huobi has released a notification regarding the re-minting of the PGALA Token on the TRON network: Due to the pGALA Token contract using a Transparent Proxy model, and the owner private key of the pGALA proxy contract being leaked on Github, the contract configuration permissions have been lost, putting the pGALA contract at risk of being attacked at any time, posing a significant security threat.To protect the interests of PGALA holders on the platform, Huobi Global has decided to use the total amount of pGALA actually held by platform users: 6,211,014,582.57982347 as the total issuance, to re-mint a 100% decentralized, 100% circulating PGALA Meme Token (PGALA) on the TRON network, with the new contract address: TF7Ncj2PwKYxVthJaCZCRS98XgnXhJ347h.Once the contract replacement is completed, the deposit and withdrawal of PGALA will open on 2022-11-07 23:00:00 (GMT +8), and the tax burning mechanism will remain unaffected. Subsequent destructions will also be carried out on the new contract, with the destruction address being: T9yD14Nj9j7xAB4dbGeiX9h8unkKHxuWwb. Other trading platforms in the industry are welcome to support the trading and jointly destroy PGALA.

ChainCatcher news, according to SlowMist intelligence, on November 4th, an address on the BNB Chain minted over $1 billion worth of pGALA tokens out of thin air and sold them for profit through PancakeSwap, causing GALA to briefly drop over 20%. The analysis results from SlowMist are as follows:The pGALA contract uses a Transparent Proxy model, which has three privileged roles: Admin, DEFAULT_ADMIN_ROLE, and MINTER_ROLE.The Admin role is used to manage the upgrade of the proxy contract and change the Admin address of the proxy contract, the DEFAULT_ADMIN_ROLE is used to manage various privileged roles in the logic (e.g., MINTER_ROLE), and the MINTER_ROLE manages the minting permissions of pGALA tokens.In this incident, the Admin role of the pGALA proxy contract was designated as the proxyAdmin contract address at the time of contract deployment, while the DEFAULT_ADMIN_ROLE and MINTER_ROLE were initialized to be controlled by pNetwork. The proxyAdmin contract also has an owner role, which is an EOA address, and the owner can upgrade the pGALA contract through proxyAdmin.However, the SlowMist security team discovered that the private key of the owner address of the proxyAdmin contract was leaked in plain text on GitHub, allowing any user who obtains this private key to control the proxyAdmin contract and upgrade the pGALA contract at any time.The owner address of the proxyAdmin contract was replaced 70 days ago (on August 28, 2022), and another project managed by it, pLOTTO, is suspected to have been attacked.Due to the architectural design of the Transparent Proxy, the change of the Admin role of the pGALA proxy contract can only be initiated by the proxyAdmin contract. Therefore, after the loss of owner privileges of the proxyAdmin contract, the pGALA contract has been at risk of being attacked at any time.In summary, the root cause of the pGALA incident lies in the leakage of the owner private key of the Admin role of the pGALA proxy contract on GitHub, and its owner address was maliciously replaced 70 days ago, resulting in the pGALA contract being at risk of being attacked at any time. (source link)

ChainCatcher message, Huobi Global released a statement regarding the truth of the GALA incident: pNetwork maliciously exploited management privileges to issue over 55.6 billion GALA tokens on the BNB Chain, which is not a white hat action, but a premeditated hacking attack aimed at malicious profit. The claim of being a white hat is an illegal excuse sought to evade legal sanctions. Huobi will hold them fully accountable and seek compensation in accordance with the law on behalf of the industry and users. (source link)

ChainCatcher news reports that the cross-chain protocol pNetwork has released an analysis of the previous GALA incident, stating that the team noticed a configuration error in the pNetwork cross-chain bridge for GALA on November 3. The team observed that due to the configuration error, the ownership of the pGALA smart contract (deployed on BSC) had been secretly taken over. The attacker who gained ownership of the smart contract did not launch any attacks, but this situation highlighted a high-security risk that needed immediate mitigation. Therefore, pNetwork contacted GalaGames to decide to suspend cross-chain bridge activities and execute a white-hat drain of the pGALA/BNB PancakeSwap pool in an attempt to preserve the BNB funds in that pool so that they could be returned to their rightful owners (liquidity providers) once the situation was under control. The white-hat drain recovered 12,977 BNB (approximately 4.5 million USD), and the funds will be returned to the holders of currently uncollateralized pGALA, with a snapshot taken on November 7, 2022, at 16:00.The cross-chain protocol pNetwork minted over 1 billion USD worth of pGALA in the early morning of November 4 after redeploying the pGALA contract to "crash" the original pGALA pool, or due to the failure to communicate with the Huobi platform, temporarily shutting down deposit and withdrawal services, which led to a large number of users transferring coins from DEX to the Huobi platform and subsequently selling, triggering a price crash. (Source link)

ChainCatcher news, Sun Yuchen stated that, first, the joint project party will compensate 100% of all GALA real coin holders on the Huobi platform, with a one-to-one rigid redemption, totaling over 55 million GALA in compensation, and will reopen GALA token trading, deposits, and withdrawals on the Huobi platform to restore normal order.Secondly, according to the clues of the deposit of fake GALA coins into the platform, they will track down the attackers' illegal accounts.Thirdly, to maximize the protection of platform users' interests, the PGALA token will be launched with built-in burning mining, and all transaction fees from PGALA will be used to buy back and destroy PGALA continuously to empower.Fourthly, with due diligence, Huobi will launch a bounty program with a scale of 1 million USD to reward those who actively return profits gained from exploiting this vulnerability and have withdrawn their earnings from the platform. For malicious attackers who refuse to return, Huobi will collect evidence and collaborate with global partners to take all necessary measures for recovery. (source link)

ChainCatcher news, Huobi Global announced a notice regarding the pGALA tax burning mechanism on the BNB Chain, stating the following adjustments to maximize the protection of user asset security:The platform will close pGALA deposits;A tax burning mechanism will be set up, adjusting the pGALA spot trading fee to a bidirectional charge of 0.012 (1.2%), while other tax mechanisms within the platform will remain unaffected;All fee income will be used to repurchase and destroy pGALA, and the tax burning mechanism is expected to go live on November 5, 2022, at 0:00;All improper gains from the issuance of BNB Chain GALA tokens through deposits will be used to repurchase and destroy pGALA, and all trading fee income from GALA trading pairs on the platform from 0:00 to 24:00 on November 4 will be used to repurchase and destroy pGALA;Huobi will continue to negotiate with the project on behalf of users regarding compensation for asset losses caused by this incident.Previously, it was reported that the multi-chain routing protocol pNetwork caused the minting of over $1 billion worth of pGALA tokens on the BNB Chain due to a cross-chain bridge configuration error, profiting by selling on PancakeSwap. After proposing to rename the GALA bought during the abnormal event to pGALA and the project party agreeing to fully compensate users holding tokens before the incident, Huobi announced that GALA would be relisted. (source link)

ChainCatcher news, Huobi Global released the announcement on the handling of the GALA token abnormal incident (Part Four), stating that through communication with the Gala project, the Gala team has agreed to fully compensate the Gala holders before the incident. The platform will relist Gala and continue to maintain close communication with the project team. Please patiently wait for the latest official announcement regarding further developments. After this announcement, Huobi Global will have two assets, Gala and Pgala, distinguishing the timeline with the incident as the time node. Please be aware of trading risks.Previously, it was reported that the multi-chain routing protocol pNetwork caused the minting of over $1 billion in pGALA tokens on the BNB Chain due to a cross-chain bridge configuration error, and profited by selling on PancakeSwap. (Source link)

ChainCatcher news, Huobi Global has released a notice regarding the handling of the Gala Token incident and will temporarily delist GALA. Huobi will use the determined time point of the incident as a dividing line:For users who execute buy operations subsequently, the platform will rename their purchased GALA assets to Pgala. Pgala is unrelated to the original GALA token and is classified as a meme coin. Recharge has been closed, and only withdrawals and trading are supported.For GALA holders before the incident, in order to protect users' asset safety and rights, the platform will maintain close communication with the project party. Users are asked to patiently wait for further handling announcements.According to ChainCatcher previous reports, the pGALA contract was attacked, causing GALA to drop over 20% temporarily. (Source link)

ChainCatcher message, a BNB Chain address has minted over $1 billion worth of pGALA tokens out of thin air and sold them for profit through PancakeSwap, causing GALA to drop over 20% temporarily. The multi-chain routing protocol pNetwork tweeted that due to a cross-chain bridge configuration error, the pGALA contract on BNB Chain needs to be redeployed. They are currently working with the Gala Games team and PancakeSwap to obtain users' pGALA account balances and restore deposit and withdrawal functions.pNetwork stated that the GALA cross-chain bridge has been paused, and they are attempting to exhaust the liquidity on PancakeSwap. Users are advised not to trade pGALA on DEXs on BNB Chain. Additionally, after the new contract is deployed, new pGALA tokens will be airdropped at a 1:1 ratio, and a vulnerability report and update progress will be released within a few hours. Currently, GALA tokens on Ethereum and other assets on the cross-bridge are safe. (source link)