GALA token exploit resulted from public leak of private key on GitHub


A new post published on Nov. 7 by blockchain security firm SlowMist indicates that last week's token exploit affecting GameFi project Gala Games resulted from a public leak of the relevant security keys on GitHub. According to SlowMist, pGALA, the smart contract of pNetwork, the cross-chain interoperability bridge used by Gala Games on the BNB Smart Chain, had three privileged roles.

“The Admin role is used to manage upgrades and changes to the Admin address of the proxy contract. The DEFAULT_ADMIN_ROLE role is used to manage various privileged roles in the logic (e.g., MINTER_ROLE), and the MINTER_ROLE role manages the pGALA token minting authority.”

SlowMist went on to explain that both the DEFAULT_ADMIN_ROLE and MINTER_ROLE roles were controlled by pNetwork during initialization. Meanwhile, the proxy admin contract was an externally owned address responsible for upgrading the pGALA contract. However, the firm posted a screenshot alleging that the plaintext private key for the proxy admin owner address was exposed and publicly viewable on GitHub. Thus, any user with access to the private key could have manipulated the pGALA contract at any time. On Aug. 28, the proxy admin contract owner was replaced, making the protocol vulnerable to an attack.
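The root cause described above is a plaintext signing key committed to a public repository. As an added example (not code from SlowMist, pNetwork or Gala Games), the following pre-commit style check flags 64-hex-digit values that are valid secp256k1 private keys and redacts them in its output; the hint patterns, function name and sample file are constructed assumptions.

```python
import re

# Order of the secp256k1 group: a valid private key k satisfies 1 <= k < N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Exactly 64 hex digits, optional 0x prefix, not embedded in a longer hex run.
HEX64 = re.compile(r"(?<![0-9a-fA-F])(?:0x)?([0-9a-fA-F]{64})(?![0-9a-fA-F])")
# Assumed naming hints for signing material (hypothetical, tune per code base).
KEY_HINT = re.compile(r"private[_-]?key|priv[_-]?key|secret|signer|owner[_-]?key", re.I)
# Assumed naming hints for public 32-byte values such as transaction hashes.
HASH_HINT = re.compile(r"tx|hash|block|topic|digest", re.I)


def scan_text(path, text):
    """Return (path, line, severity, redacted_value) for likely private keys."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in HEX64.finditer(line):
            if not 1 <= int(m.group(1), 16) < SECP256K1_N:
                continue  # out of range, cannot be a secp256k1 private key
            label = line[:m.start()]  # text preceding the value on this line
            if KEY_HINT.search(label):
                severity = "high"
            elif HASH_HINT.search(label):
                continue  # labelled as a hash, which is public data
            else:
                severity = "review"  # unlabelled 32-byte value, needs a human
            # Never echo the full candidate key into logs or CI output.
            findings.append((path, lineno, severity, m.group(1)[:4] + "..."))
    return findings


# Constructed sample file contents, not taken from any real repository.
SAMPLE = "\n".join([
    "# deployment settings",
    "PROXY_ADMIN_OWNER_PRIVATE_KEY=0x" + "ab" * 32,  # labelled key
    "DEPLOY_TX_HASH=0x" + "cd" * 32,                 # hash, ignored
    "PROXY_ADMIN_ADDRESS=0x" + "12" * 20,            # 20-byte address, ignored
    "PRIVATE_KEY=" + "f" * 64,                       # >= N, not a valid key
    "0x" + "3e" * 32,                                # unlabelled, flagged for review
])

if __name__ == "__main__":
    for finding in scan_text(".env", SAMPLE):
        print(finding)
```

A finding on a key that has ever been pushed means the key must be rotated, since removing the file in a later commit leaves it in the repository history.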

The Gala Games token bridge was exploited on Nov. 3 after a single wallet address appeared to have minted over $2 billion in GALA (GALA) tokens out of thin air and dumped the tokens on decentralized exchange PancakeSwap. Around 12,977 BNB (BNB), worth $4.5 million, was drained from the liquidity pool.

Cryptocurrency exchange Huobi alleged the aforementioned activities were a scheme for profit orchestrated by pNetwork. The latter has denied such allegations, while also stating in its post-mortem analysis that “No funds loss happened on the GALA cross-chain bridge. All GALA tokens on Ethereum are safe.”
