Gala Games Hit by $23 Million Token Exploit Due to ‘Messed Up’ Internal Controls

Journalist

Hassan Shittu

Journalist

Hassan Shittu

About Author

Hassan, a Cryptonews.com journalist with 6+ years of experience in Web3 journalism, brings deep knowledge across Crypto, Web3 Gaming, NFTs, and Play-to-Earn sectors. His work has appeared in...

Author Profile

Share

Copied

Last updated:

May 21, 2024 06:54 EDT

Why Trust Cryptonews

Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews

Gala Games, a prominent blockchain gaming platform, experienced a significant security breach that resulted in the unauthorized sale of 600 million GALA tokens, valued at $23 million. CEO Eric Schiermeyer confirmed that the incident was attributed to inadequate internal controls.The exploit occurred on May 20 at 7:32 pm UTC when a hacker accessed a Gala Games admin address. This access enabled the attacker to mint 5 billion new GALA tokens worth approximately $200 million. The attacker then sold 600 million of these newly minted tokens on the decentralized exchange Uniswap.Notably, this breach is not Gala Games’ first encounter with security issues. In 2021, the company lost $130 million in a similar exploit. 

“Messed Up Internal Controls” Leads to Gala Games Breach

.@poweredbygala hacked?

seems like someone minted 5B tokens ~1 hour ago, valued at ~$220M

has been dumping in batches of 100 ETH on @0xProject, address is currently sitting on ~4.6K ETHhttps://t.co/08D4qAd0lk pic.twitter.com/A63jxhESlW

— devops199fan 🔪📜😅 ⌐◨-◨ (@devops199fan) May 20, 2024

Blockchain analyst @devops199fan first reported the incident, noting the sudden minting of a large volume of GALA tokens. Following the notification, Gala Games quickly mitigated further damage.

In response to the breach, Gala Games froze the compromised wallet, preventing the hacker from selling the remaining tokens. Gala Games identified and removed the unauthorized access to the GALA contract, assuring stakeholders that its Ethereum contract remains secure and uncompromised. 

Hey Everyone…

I always knew there was a reason I never talk shit about other projects getting hacked…I'm sorry to say we had an incident that resulted in the unauthorized SALE of 600million (21million usd) $GALA tokens and the effective BURN of 4.4 billion tokens.

We…

— benefactor (@Benefactor0101) May 20, 2024

Furthermore, CEO Schiermeyer announced via X that the remaining 4.4 billion tokens were effectively rendered unsellable and burned to prevent additional exploitation. Also, the company is working closely with the FBI, the U.S. Justice Department, and international authorities to investigate the incident and apprehend those responsible.

“We had an incident that resulted in the unauthorized sale of 600 million GALA tokens and the effective burn of 4.4 billion tokens. We messed up our internal controls. This shouldn’t have happened, and we are taking steps to ensure it doesn’t happen again,” Schiermeyer stated.

The immediate aftermath saw GALA’s price plummet to a 24-hour low of $0.038, a 20% drop from its daily high. However, according to CoinGecko, the token price has since partially recovered to $0.041.

In addition to the recent breach, the ongoing internal legal battles between Schiermeyer and co-founder Wright Thurston, who have filed lawsuits against each other over mismanagement and theft allegations, add to the company’s turmoil.

However, Gala Games has assured its users and investors that it is implementing more robust internal controls to prevent future incidents and is committed to maintaining a secure and robust platform for blockchain gaming.

The Rise Of Crypto Exploits: Recent Incidents

Sonne Finance, a lending protocol, recently suffered a $20 million exploit on May 14, impacting cryptocurrencies, including WETH and USDC. Sonne Finance paused all markets on Optimism and began investigating with Cyvers. Despite efforts to recover funds and offer a bug bounty, the hacker has already moved a significant portion of the stolen assets to a new wallet, suggesting an intent to launder them through a privacy protocol like Tornado Cash.Rain cryptocurrency exchange also experienced a potential exploit on April 29, transferring approximately $14.1 million worth of various cryptocurrencies to a suspicious wallet, as reported by on-chain analyst ZachXBT. The exploit involved significant outflows from Rain’s Bitcoin, Ethereum, Solana, and XRP wallets. The stolen funds were quickly exchanged for Bitcoin and Ethereum and moved to specific addresses on these networks. Notably, the Ethereum address currently holds about 1,881 ETH, valued at $5.5 million, while the Bitcoin address holds 137.9 BTC, valued at $8.6 million.Arkham Intelligence data shows that the funds were traced back through various Bitgo multi-signature wallets, though they have not been explicitly linked to Rain. Despite this, over 590 ETH, 20 billion Shiba Inu, 12,500 Chainlink, $240,000 in Tether, and $500,000 in USD Coin were swapped for ETH on Uniswap, with additional funds from a Binance hot wallet. Pike Finance, a DeFi lending protocol, also suffered a $1.6 million exploit due to a smart contract vulnerability. Over three days, funds were stolen across the Ethereum, Arbitrum, and Optimism chains.