Gala Games, a Web3 gaming project, faced a significant security breach on May 20. A hacker exploited the platform’s smart contract, minting 5 billion of its native GALA tokens worth approximately $214 million.
This incident has sent shockwaves through the community and sparked widespread speculations.
Gala Games Exploit: Key Details and Community Response
After exploiting the smart contract, the hacker promptly sold 592 million GALA for 5,952 ETH, approximately $21.8 million. The Gala Games team took immediate action to mitigate the damage. They blacklisted the hacker’s address, freezing their ability to offload more tokens.
In a public statement, the team emphasized their commitment to security and transparency. They assured users that they are currently collaborating with law enforcement to track down the perpetrators.
“This was an isolated incident, the cause of which has been addressed. […] We will provide updates as the investigation continues and take all necessary steps to prevent future incidents,” the statement read.
Eric Schiermeyer, CEO of Gala Games, expressed regret over the incident. He noted that the compromise was identified and secured within 45 minutes. Furthermore, he stressed that their ETH contract for GALA remains secure and protected by a multi-signature wallet.
“We messed up our internal controls. This shouldn’t have happened, and we are taking steps to ensure it doesn’t happen again. We believe we have identified the culprit, and we are currently working with the FBI, DOJ, and a network of international authorities. There is the issue of our daily distribution. We will be having a node vote on how to handle this issue. As usual, the community will decide how we proceed,” Schiermeyer said.
Schiermeyer’s acknowledgment of internal control failures aligns with findings by a Solidity developer known as Quit. According to Quit, the address responsible for the exploit had admin-level clearance, allowing it to perform arbitrary actions involving the smart contract. Quit advocates banning contracts with admin privileges capable of arbitrary token minting.
Following the hack, GALA’s price plunged from $0.047 to $0.038. However, it has slightly recovered to $0.041 at the time of writing.
Despite this recovery, fraudulent activity in the community persists. Scammers are capitalizing on the situation by impersonating Gala Games representatives and spreading malicious links under the guise of migrating to a new contract version.