Attacker Generates GALA Tokens Worth $214 Million
Gala Games, a pioneering project in the Web3 gaming space, experienced a significant security breach on May 20. An attacker exploited the platform’s smart contract, minting an enormous 5 billion of its native GALA tokens, valued at an estimated $214 million. This event has sent ripples of shock and speculation throughout the community.
The Aftermath and Gala Community Reaction
Following the smart contract exploitation, the attacker swiftly sold 592 million GALA for 5,952 ETH, equating to roughly $21.8 million. The Gala Games team responded immediately to limit the damage. They blacklisted the attacker’s address, effectively freezing their ability to unload more tokens.
In a public announcement, the team underscored their dedication to security and transparency. They reassured users that they are presently working with law enforcement agencies to apprehend the culprits.
“The incident was isolated, and the root cause has been addressed. We will continue to provide updates as the investigation progresses and will take all necessary measures to prevent similar incidents in the future,” the statement read.
Eric Schiermeyer, the CEO of Gala Games, expressed his regret over the incident. He pointed out that the breach was identified and secured within a mere 45 minutes. Moreover, he emphasized that their ETH contract for GALA remains safe and is safeguarded by a multi-signature wallet.
“We faltered in our internal controls. This incident should not have occurred, and we are implementing measures to ensure it does not recur. We believe we have identified the perpetrator, and we are currently collaborating with the FBI, DOJ, and a network of international authorities. We are also addressing the issue of our daily distribution. We will be conducting a node vote on how to manage this issue. As always, the community will determine our course of action,” Schiermeyer stated.
Schiermeyer’s admission of internal control failures aligns with the findings of a Solidity developer known as Quit. According to Quit, the address implicated in the exploit had admin-level access, enabling it to execute arbitrary actions involving the smart contract. Quit advocates for the prohibition of contracts with admin privileges that can arbitrarily mint tokens.
In the aftermath of the hack, GALA’s price dropped from $0.047 to $0.038. However, it has since slightly rebounded to $0.041 at the time of writing.
Despite this recovery, fraudulent activities within the community continue. Scammers are exploiting the situation by impersonating Gala Games representatives and disseminating malicious links under the pretense of migrating to a new contract version.
