The exploit has highlighted vulnerabilities within the project’s internal controls, prompting immediate action from the company.

The response

In a May 21 post on social media, Gala Games acknowledged the incident and explained:

“We messed up our internal controls…This shouldn’t have happened, and we are taking steps to ensure it doesn’t ever [happen] again.”

The company assured its community that the compromise was swiftly identified and contained within 45 minutes, securing the GALA contract and removing unauthorized access.

Gala Games also emphasized that its Ethereum contract for GALA remains secure and protected by a multi-signature wallet.

Additionally, the team said it has identified the culprit behind the exploit and is working with law enforcement around the world to apprehend them.

The company is also addressing the impact on their daily distribution process, with plans to hold a node vote to determine the next steps, allowing the community to decide the path forward.

The exploit

The initial reports of the exploit indicated that over 5 billion $GALA tokens were minted during the hack or insider theft.

Solidity developer 0xquit noted that the attacker utilized an admin address to mint the tokens, speculating that either an external hacker or a rogue address owner was responsible.

The exploited address was quickly blocklisted, preventing further token minting without access to another admin address.

The breach caused the value of the $GALA token to decline sharply, from $0.048 to $0.038, a loss of over 20% in less than two hours before recovering to $0.043.

Despite these setbacks, the GALA token, valued at $1.56 billion, remains one of the top 70 largest cryptocurrencies by market cap.

As the investigation continues, Gala Games is committed to enhancing its security measures and maintaining transparency with its community.

Mentioned in this article