Security

‘We Messed Up’: Gala Games Confirms $240 Million Worth of Tokens Swiped via Exploit

The price of the Gala Games (GALA) token plunged on Monday after an attacker minted and made off with 5 billion tokens via the Gala smart contract, with the swiped tokens worth around $240 million at the time of the exploit.

Ultimately, the attacker managed to sell 600 million of the tokens via decentralized exchange Uniswap, or about $29 million worth at the time of the exploit. The price dropped 20% in less than an hour amid the selling, plunging from about $0.048 to $0.038.

“A compromised or rogue Gala Games admin address minted 5 Billion $GALA ($200M) and has been systematically selling the tokens for the past 2 hours,” pseudonymous smart contract developer and security auditor 0xQuit wrote on Twitter.

Nearly two hours after the hack was spotted, Gala CEO Eric “Benefactor” Schiermeyer posted an update to the Gala Discord server confirming the exploit and explaining the situation.

A compromised or rogue Gala Games admin address minted 5 Billion $GALA ($200M) and has been systematically selling the tokens for the past 2 hours.

This is why decentralization is important – I prefer “can’t be evil” over “don’t be evil”, and design with that in mind.

Outlaw… pic.twitter.com/aZkQZ2zYi6

— Quit (@0xQuit) May 20, 2024

“We identified the compromise and within 45 minutes we secured and removed unauthorized access to the GALA contract,” Schiermeyer wrote. “It’s important to note our ETH contract for $GALA is secure and under the protection of a multi-sig wallet. It was never compromised.”

The same message was posted to the Gala Games Twitter account. Later, Gala said that the wallet in question had been “frozen.” As a result, the remaining 4.4 billion tokens that weren’t sold are described in the initial post as being “effectively burned,” meaning they can’t be transferred or accessed and thus are considered destroyed. The total supply of GALA encompasses 50 billion tokens.

Hey Everyone…

I always knew there was a reason I never talk shit about other projects getting hacked…I’m sorry to say we had an incident that resulted in the unauthorized SALE of 600million (21million usd) $GALA tokens and the effective BURN of 4.4 billion tokens.

We…

— benefactor (@Benefactor0101) May 20, 2024

“We messed up our internal controls… this shouldn’t have happened and we are taking steps to ensure it doesn’t ever again,” Schiermeyer added. “We believe we have identified the culprit and we are currently working with the FBI, DOJ, and a network of international authorities.”

In a follow-up tweet, Gala Games described the attack as an “isolated incident.” Gala did not immediately respond to Decrypt’s request for comment.

GALA has rebounded to a price of about $0.04272 as of this writing, putting the token’s price essentially flat over the past 24 hours. That’s due in part to a market-wide surge that has seen Ethereum itself surge by 20% over the past day, with the residual effects of the market swing apparently offsetting the impact of the sales.

The security incident involving the $GALA token has been contained and the impacted wallet has been frozen.

This was an isolated incident, the cause of which has been addressed and we are working closely with law enforcement to investigate the individuals behind the breach.…

— Gala Games (@GoGalaGames) May 21, 2024

In 2023, Schiermeyer sued fellow Gala co-founder Wright Thurston, alleging that the latter stole $130 million in GALA tokens.

According to the lawsuit, GALA tokens were moved from a company wallet and spread across 43 wallets under Thurston’s control before being sold between September 2022 and May 2023.

In a countersuit, Thurston alleges Schiermeyer neglected to seek his input while making transactions that led to the “sell off and waste [of] millions of dollars in company assets.”

Edited by Andrew Hayward

Source

Click to rate this post!
[Total: 0 Average: 0]
Show More

Leave a Reply

Your email address will not be published. Required fields are marked *