Huobi Global's Statement on the Facts Regarding the GALA Incident

Dear Huobi Users,

In response to pNetwork's statement on the GALA incident today, Huobi Global's reply on what actually happened is as follows:

We think that pNetwork's action is not a "white hat" operation, but a malicious hack driven by profit and bad faith.

We have 3 reasons to back our argument:

1. In its prior communications with centralized exchanges, the pNetwork team never said it intended to attack its misconfiguration loophole by minting an astronomical amount of valueless tokens. What is worse than hiding its intention is that pNetwork exploited the loophole on its own smart contract and issued 55.6 billion PGALA tokens to carry out the attack 50 minutes after contacting other exchanges, not leaving sufficient response time to the exchanges. A postmortem investigation revealed that the misconfiguration, or vulnerability, was caused by a pNetwork engineer mistakenly embedding a key in the smart contract 67 days ago, which subsequently led to this very incident.

2. There is no evidence whatsoever that anyone would leverage this loophole to initiate an attack other than pNetwork who is eager to exploit it for profit. Even though there are many more secure solutions at hand, the pNetwork, despite the fact that the loophole has existed for 67 days, resorted to attacking the loophole and minting 55.6 billion tokens for profit within 50 minutes after communicating with exchanges. What a responsible project team should have done is to leave a minimum response time of 24 hours for exchanges to switch to the new token, suspend deposits and withdrawals on the old smart contract, and call for Pancakeswap users to retract their liquidity pools. It is unjusified and unnecessary for pNetwork to actively attack this loophole and mint an enormous amount of new tokens. Through this attack, pNetwork has profited over US$4.5 million. Meanwhile, multiple related addresses took planned and coordinated actions and made millions of dollars. Their combined profits are an excess of US$10 million, clearly indicating the purpose of the attack was to make profits.

3. pNetwork argued that the minting of an staggering amount of 55.6 billion tokens was to recoup a liquidity pool that is only worth US$400,000. This reasoning is groundless and farfetched. pNetwork and GALA teams were fully aware of the devasting impact of this operation. One would wonder why would they unilaterally minted 55.6 billion GALA tokens without leaving any time for third parties to react. In addition, pNetwork is not entitled to drain the US$400,000 liquidity pool, which belongs to users. All these seemingly preemptive actions are clearly profit-seeking behaviour in disguise. What pNetwork has done is to carry out an actual hack under the guise of "white hat" operation to avoid legal consequences!

In addition, we have sorted out the key event timeline relevant to Huobi Global as below:

11-03 19:23 (UTC): pNetwork contacted Huobi Global through a separate point of contact. However, it did not inform us that pNetwork was going to carry out the attack, nor did it indicate that it would issue 55.6 billion GALA tokens to be dumped in the market, which caused extremely heavy losses to innocent users and exchanges.

11-03 19:48 (UTC) GalaGames reported that Binance.US has confirmed BEP20 deposits/withdrawals for GALA are suspended. However it did not confirm the deposits/withdrawals with Huobi Global.

11-03 20:13 (UTC) pNetwork issued 27,814,200,000 pGALA.

11-03 20:27 (UTC) pNetwork issued another 27,814,200,000 pGALA, increasing the total circulation of pGALA to 55.6 billion.

11-03 20:28 (UTC) pNetwork issued an announcement falsely claiming the "misconfiguration of the p.Network bridge", which led to the minting of over $1 billion worth of pGALA tokens on BNB Chain out of thin air. pNetwork has conveniently covered up the fact that it was the hacker in this incident, and attacked the loophole to issue 55.6 billion GALA tokens out of thin air. The act of dumping for profit constitutes a criminal offense.

To sum up, we have reason to believe that:

pNetwork's action is not a "white hat" operation, but a malicious hack with profit as its the ultimate goal. We believe that this is a premeditated attack planned by the pNetwork team, and the white hat operation is just an illegal excuse sought by the pNetwork team to avoid legal consequences.

In its dealing with this incident, Gala and pNetwork teams never tried to reach Huobi Global via official communication channels to confirm the security and feasibility of their plans. Rather, they acted in bad faith and abused their management permission on BNB Chain by minting over 55.6 billion GALA tokens for profitable sell-offs.

The GALA and pNetwork teams could have used other safer method to fix the vulnerability and avoid this unfortunate incident from happening. However, they chose to cover up the facts and executed a massive attack involving 55.6 billion GALA tokens within 50 minutes after contacting the exchanges. This is a malicious attack motivated by profit and is tantamous to a terrorist attack on innocent users and platforms. The entire industry has suffered a huge blow because of this incident.

Not long before, on behalf of our users victimized by pNetwork's actions, Huobi Global communicated and negotiated with the pNetwork team in good faith for reasonable compensation to the victims. However, we did not receive an acceptable response from pNetwork as of the time this statement is published.

In view of pNetwork's unconfirmed unilateral statement on the GALA incident that seriously deviates from the facts, it shows how the project team is attempting to shirk responsibilities, while causing significant damage to the asset security of Huobi Global users. As the world's leading virtual asset trading platform, protecting our users' interests and safeguarding asset security have always been the core responsibility of Huobi Global since our establishment nine years ago. To fulfil our commitment to our users, we will take the lead in gathering and representing the victims of Huobi Global, and we will work with global partners to exercise all legal means, including class actions and lodging police reports, to investigate and pursue criminal charges against the perpetuators from pNetwork.

We urge all attackers who exploited the security vulnerability to return the unjustified gains. Huobi Global is willing to pay the attackers from our $1 million bounty fund and not pursue any legal action against them. Lastly, we would like to reiterate that Huobi Global always stand by our users, and we will not stop until all of our users' reasonable demands are satisfied.

 

Huobi Global

Nov 6, 2022

 

Trade on the go with Huobi Global App (iOS/Android)

Find us on

Twitter: https://twitter.com/HuobiGlobal

Facebook: https://www.facebook.com/huobiglobalofficial/

Instagram: https://www.instagram.com/huobiglobalofficial/

Reddit: https://www.reddit.com/r/HuobiGlobal/

Medium: https://huobiglobal.medium.com/

Telegram:

https://t.me/huobiglobalofficial

https://t.me/HuobiGlobal_zw

https://t.me/HuobiFutures_en

Discord:

https://discord.gg/huobi

Huobi Global reserves the right in its sole discretion to amend or change or cancel this announcement at any time and for any reasons without prior notice. The above is for information purposes only and Huobi Global makes no recommendations or guarantees in respect of any virtual asset, product, or promotion on Huobi Global. Prices of virtual assets are highly volatile and trading virtual assets involves risk. Please read our Risk Reminder text here.