Over $210 Million Worth Of GALA Tokens Stolen By Hacker

Gala Games, a project in Web3 gaming, encountered a significant security breach on May 20th. An individual exploited the smart contract of the platform, creating 5 billion GALA tokens, valued at around $214 million. This event has caused considerable concern within the community and led to widespread speculation.

Gala Games Security Breach

Following the exploitation of the smart contract, the individual promptly sold 592 million GALA for 5,952 ETH, approximately $21.8 million. The Gala Games team swiftly took action to minimize the impact, by blacklisting the address of the individual in question, thereby preventing further token offloading.

In an official statement, the team underscored their dedication to security and openness. They reassured users of their ongoing cooperation with law enforcement to locate the culprits. This incident was isolated, and its root cause has been resolved, according to the team, who will update the community as the investigation progresses and implement all necessary measures to avert future occurrences.

Taking Responsibility

Eric Schiermeyer, CEO of Gala Games, expressed regret over the incident. He acknowledged that the breach was detected and contained within 45 minutes. He also highlighted the security of their ETH contract for GALA, safeguarded by a multi-signature wallet.

Eric claims that there were certainly gaps in internal controls, and that while this should not have happened, the team is currently implementing measures to prevent its recurrence. He went on to say that the team has successfully identified the responsible party and are cooperating with the FBI, DOJ, and international authorities. It is worth mentioning that the matter of daily distribution remains unresolved, and that there will still be a node vote on its resolution as the community will decide the next course of action, Schiermeyer stated.

Following the admission of internal control deficiencies by Eric, a Solidity developer known as Quit corroborated the findings. According to Quit, the address behind the exploit possessed admin-level permissions, enabling it to execute arbitrary actions involving the smart contract. Quit advocates for banning contracts with admin privileges allowing arbitrary token minting.