According to CryptoPotato, Web3 gaming project Gala Game was recently exploited by an unidentified attacker, who minted 5 billion GALA, valued at over $200 million. The security breach has been contained and the affected wallet has been frozen. The Gala Game team has stated that the exploit was an isolated incident and law enforcement agencies are now involved in identifying the perpetrator.
The exploit resulted in the unauthorized sale of 600 million tokens, valued at $29 million at the time of the exploit, via the decentralized exchange Uniswap. Solidity developer 0xquit has stated that the attacker could potentially create an additional 12 billion tokens before reaching the maximum limit. However, the exploited address has been blocked, preventing further actions from that address. For the attacker to mint or steal more tokens, they would need to gain access to a different administrator address.
Gala Games’ CEO Eric Schiermeyer revealed on X (formerly Twitter) that the exploit was identified within 45 minutes, after which the team secured and removed unauthorized access to the GALA contract. Despite these actions, the price of GALA dropped almost 20% on May 21st from $0.048 to $0.039. The token has since stabilized.
Schiermeyer admitted that Gala Games had failed to implement proper internal controls, leading to this unfortunate incident. While the team believes they have identified the culprit behind the attack, they are now working closely with the FBI, Department of Justice, and international authorities to further investigate and address the matter. The CEO also highlighted the pressing issue of the daily token distribution, stating that the community would decide through a node vote on how to proceed with handling this aspect.