Gala Games said it responded quickly to the major May 20 security breach that resulted in the unauthorized sale of $21 million worth of titles. GALA tokens and the “effective combustion” of an additional 4.4 billion tokens.
The exploit exposed vulnerabilities within the project's internal controls, prompting the company to take immediate action.
The answer
In a May 21 social media post, Gala Games acknowledged the incident and explained:
“We messed up our internal controls… This should not have happened, and we are taking steps to ensure it never happens again.”
The company assured its community that the compromise was quickly identified and contained within 45 minutes, securing the GALA contract and removing unauthorized access.
Gala Games also emphasized that its Ethereum contract for GALA remains secure and protected by a multi-signature wallet.
Additionally, the team said they have identified the culprit behind this exploit and are working with law enforcement agencies around the world to apprehend him.
The company is also addressing the impact on its daily distribution process, planning to hold a node vote to determine next steps, allowing the community to decide the path forward.
The feat
Initial reports of the exploit indicated that over 5 billion $GALA tokens were created during the hack or insider theft.
Solidity developer 0xquit noted that the attacker used an administrator address to create the tokens, speculating that an external hacker or malicious address owner was responsible.
The exploited address was quickly blacklisted, preventing further token creation without access to another administrator address.
The violation caused a sharp drop in the value of the $GALA token, from $0.048 to $0.038, a loss of more than 20% in less than two hours before rising back to $0.043.
Despite these setbacks, the GALA token, valued at $1.56 billion, remains one of the 70 largest cryptocurrencies by market capitalization.
As the investigation continues, Gala Games is committed to strengthening its security measures and maintaining transparency with its community.