Gala Games, a blockchain gaming platform, faced a major security breach on Monday, resulting in the loss of millions of dollars worth of its native GALA token.
According to reports, an attacker exploited a vulnerability in Gala Games’ internal controls to mint a staggering 5 billion GALA tokens, valued at around $240 million at the time of the incident.
TLDR
- Gala Games suffered a security exploit where an attacker minted 5 billion GALA tokens worth around $240 million at the time.
- The attacker managed to sell 600 million of the tokens for around $29 million on Uniswap before Gala Games contained the incident.
- Gala Games CEO Eric Schiermeyer admitted to having “messed up” internal controls that enabled the exploit.
- The remaining 4.4 billion tokens were effectively burned and cannot be accessed or transferred.
- Gala Games is working with law enforcement agencies like the FBI and DOJ to identify the culprit behind the attack.
The attack unfolded swiftly, with the perpetrator swiftly selling 600 million of the minted tokens on the decentralized exchange Uniswap, netting approximately $29 million in the process.
The sudden influx of GALA tokens into the market caused the price to plummet by 20% within an hour, dropping from around $0.048 to $0.038.
Gala Games CEO Eric Schiermeyer was quick to acknowledge the incident, taking responsibility for the lapse in security measures that enabled the exploit. In a statement posted to the Gala Games Discord server and Twitter, Schiermeyer admitted,
“We messed up our internal controls… this shouldn’t have happened and we are taking steps to ensure it doesn’t ever again.”
While the Ethereum contract for the GALA token remained secure and under the protection of a multi-signature wallet, the attacker managed to gain unauthorized access to the GALA contract itself.
Hey Everyone…
I always knew there was a reason I never talk shit about other projects getting hacked…I'm sorry to say we had an incident that resulted in the unauthorized SALE of 600million (21million usd) $GALA tokens and the effective BURN of 4.4 billion tokens.
We…
— benefactor (@Benefactor0101) May 20, 2024
Schiermeyer confirmed that within 45 minutes of identifying the compromise, Gala Games had secured and removed the unauthorized access to the contract.
In an effort to mitigate further damage, Gala Games took swift action to freeze the wallet associated with the attacker. As a result, the remaining 4.4 billion tokens that were not sold were effectively burned, rendering them inaccessible and unable to be transferred or accessed.
The incident has raised concerns within the cryptocurrency community, particularly regarding the security measures employed by Gala Games and other blockchain-based platforms.
The security incident involving the $GALA token has been contained and the impacted wallet has been frozen.
This was an isolated incident, the cause of which has been addressed and we are working closely with law enforcement to investigate the individuals behind the breach.…
— Gala Games (@GoGalaGames) May 21, 2024
Schiermeyer acknowledged the gravity of the situation, stating, “We believe we have identified the culprit and we are currently working with the FBI, DOJ, and a network of international authorities.”
This is not the first time Gala Games has faced significant token losses due to security breaches. In early 2021, the platform lost $130 million after 8.65 billion GALA tokens were stolen, leading to legal disputes between the company’s co-founders Eric Schiermeyer and Wright Thurston.
The recent exploit has once again highlighted the importance of robust security measures and internal controls in the cryptocurrency and blockchain space.
As these technologies continue to gain mainstream adoption, ensuring the safety and integrity of digital assets will remain a top priority for developers and platform operators alike.