Another day, another cybersecurity incident in the Wild Wild West that is the crypto world. This week, the victim was Gala Games, a pioneering crypto gaming project that was targeted by a hacker who managed to steal approximately $200 million by messing with the protocol’s minting mechanisms.
On Monday, an anonymous party gained control of administrative security credentials and managed to mint a mind-blowing total of 5 billion GALA tokens. The incident triggered a sharp sell-off, causing the token’s price to plummet by over 20% in the first few hours after the situation became public.
The total number of tokens minted represented a whopping 10% of the token’s circulating supply at the time.
Here’s how it went down.
Hacker Sells $29M Via Decentralized Exchanges
According to the few details that have emerged about the incident, this was a highly sophisticated attack that took advantage of vulnerabilities within Gala Games’ smart contract infrastructure.
A compromised or rogue Gala Games admin address minted 5 Billion $GALA ($200M) and has been systematically selling the tokens for the past 2 hours.
This is why decentralization is important – I prefer "can't be evil" over "don't be evil", and design with that in mind.
Outlaw… pic.twitter.com/aZkQZ2zYi6
— Quit (@0xQuit) May 20, 2024
The smart contracts developer and security auditor 0xQuit was among the first to sound the alarm, noting on the social media platform X (formerly Twitter) that “a compromised or rogue Gala Games admin address minted 5 Billion $GALA ($200M) and has been systematically selling the tokens for the past 2 hours.”
It appears that the attacker wasted no time cashing in on the proceeds of the theft, as he (or maybe they) rapidly offloaded a portion of the newly minted tokens on the decentralized exchange Uniswap.
According to some estimates, around 600 million GALA tokens, which were worth approximately $29 million at the time, were effectively sold.
As you would probably expect, the impact on the price of the GALA token was quite severe. In just two hours, the token’s value plummeted from $0.047 to a low of $0.038, representing a staggering 15% decline as the market reacted to the sudden sell pressure. Naturally, this is devastating for the project and its holders, but it held up better than expected for such a massive incident.
Gala Games’ Swift Response and Damage Control Efforts
While the initial stages of the attack caught the Gala Games team off guard, they moved quickly to mitigate the damage and secure the platform’s infrastructure.
In a statement posted to the company’s Discord server and social media channels, the CEO of Gala Games, Eric Schiermeyer, confirmed the incident and outlined the steps they took to contain the situation.
“We identified the compromise, and within 45 minutes, we secured and removed unauthorized access to the GALA contract,” Schiermeyer wrote. “It’s important to note our ETH contract for GALA is secure and protected by a multi-sig wallet. It was never compromised.”
Crucially, Gala Games managed to freeze the wallet containing the remaining 4.4 billion GALA tokens that had not been sold, effectively rendering them inaccessible and “burned” from circulation.
This decisive action prevented further financial losses for the protocol and helped stabilize the token’s price. 0xQuit highlighted that the hacker could have minted up to 12 billion more tokens based on the admin wallet’s permissions. This would have been disastrous for the protocol and could have totally jeopardized its ability to outlive the breach.
The price of the GALA token recovered some of its lost territory as a result, moving from its low of $0.040 to $0.042 as of this morning as investors show major confidence in the team.
Gala Games Seems to Know Who Is Behind the Breach
In the wake of the exploit, Gala Games has not only been focused on damage control but has also taken steps to bring the perpetrator(s) to justice. Schiermeyer revealed that the company has been in close cooperation with the FBI, the U.S. Department of Justice, and “a network of international authorities” to investigate the breach and track down those responsible.
The security incident involving the $GALA token has been contained and the impacted wallet has been frozen.
This was an isolated incident, the cause of which has been addressed and we are working closely with law enforcement to investigate the individuals behind the breach.…
— Gala Games (@GoGalaGames) May 21, 2024
“We messed up our internal controls…This shouldn’t have happened and we are taking steps to ensure it doesn’t ever again,” Schiermeyer stressed. “We believe we have identified the culprit,” he added.
While the identity of the attacker remains unknown to the public, Schiermeyer’s statement suggests that Gala Games has a strong lead on the individual or group behind the exploit. In most cases, these incidents end up pointing to the involvement of an insider in the project, either directly or indirectly. The fact that Gala says it knows who the culprit is reinforces this idea.
The involvement of multiple law enforcement agencies emphasizes the seriousness of the incident and the development team’s determination to hold the perpetrators accountable.
Users and Partners Will Likely Question the Project’s Architecture and Call for Additional Safety Measures
Despite the initial shock and steep price decline, the GALA token has demonstrated remarkable resilience in the aftermath of the exploit.
However, the platform has hit a major roadblock, as both users and partners will certainly call into question whether it is safe enough to harbor their precious blockchain games and assets. Investors will be more cautious with the GALA token, especially with the threat of a similar exploit in the back of their minds.
Hence, in addition to the financial losses incurred, the exploit has dealt a significant blow to Gala Games’ reputation and credibility within the blockchain gaming ecosystem.
Moreover, this is not the first time that Gala Games has suffered a cybersecurity breach. In 2023, the project’s CEO sued its co-founder, Wright Thurston, for allegedly stealing a total of $130 million worth of GALA tokens.
Thurston responded with a suit of his own against Schiermeyer for using the company’s assets to pay for luxury goods and fund a lavish lifestyle.
The community is wondering: could Thurston be responsible for today’s attack? He certainly has enough knowledge about the project’s infrastructure, architecture, and safety protocols. The fact that Schiermeyer seems certain about who the perpetrator is gives some credibility to this theory.
To regain the trust of its users and the crypto community, Gala Games will need to undertake a comprehensive review of its security protocols and implement robust measures to prevent similar incidents from occurring in the future.
This may include enhanced multi-signature wallet protection, more stringent access controls, and regular third-party audits of its smart contracts.
Moreover, the platform will need to address the concerns surrounding the potential vulnerability of its token issuance mechanism, which played a pivotal role in enabling the attacker to mint billions of GALA tokens.
While the specifics of the exploit remain unclear, the incident has highlighted the need for greater transparency and accountability when it comes to token minting and distribution processes.
Gala Games Prompts Users to Rapidly Migrate Assets to V2
In a proactive move to safeguard the integrity of its ecosystem, Gala Games has announced an urgent migration plan for all GALA token holders. The company is now prompting users to transfer their tokens to a new, more secure V2 contract before the current V1 contract expires at midnight UTC on May 21, 2024.
This migration is crucial not only to protect users’ assets but also to ensure the long-term viability of the GALA token and the Gala Games platform itself.
By transitioning to a new contract with enhanced security features and more rigorous auditing, the company aims to restore confidence in its infrastructure while preventing similar incidents from occurring in the future.
While the migration process may cause some temporary inconveniences for users, it represents a necessary step towards rebuilding the community’s trust and safeguarding the platform’s future growth and development.
Gala Games and the GALA Token Into the Future
Gala Games is a pioneering blockchain gaming platform that aims to revolutionize the gaming industry by leveraging the power of decentralized technologies and non-fungible tokens (NFTs).
The platform’s native GALA token serves as the primary currency within its ecosystem, allowing users to purchase in-game assets, participate in virtual economies, and earn rewards for their engagement and involvement with the games.
With a strong focus on creating immersive and engaging gaming experiences, Gala Games has attracted a sizable user base and garnered significant attention within the broader crypto and gaming communities.
However, this recent exploit casts a shadow over the platform’s reputation and raises questions about the security and sustainability of its tokenomics model.
As Gala Games navigates the aftermath of this crisis, its ability to learn from this incident, implement robust security measures and regain users’ trust will be crucial for its long-term success.