Web3 Gaming Platform Gala Games Suffers $200M Exploit, CEO Believes Exploiter Identified
KEY POINTS
- A security auditor said the exploiter was 'systematically selling' the stolen $GALA tokens
- Gala's CEO admitted that the platform 'messed up' its internal controls
- The web3 gaming platform also said it was working with law enforcement
Popular web3 gaming platform Gala Games has suffered a multimillion-dollar exploit that involved an admin address minting billions worth of the platform's native $GALA token. The company's CEO admitted that the hack shouldn't have happened.
Pseudonymous blockchain security auditor Quit wrote on X (formerly Twitter) Monday that a "compromised or rogue Gala Games admin address minted 5 billion $GALA and has been systematically selling the tokens for the past 2 hours." The said tokens were worth around $200 million, as per Quit.
Gala CEO Eric Schiermeyer, who goes by Benefactor on X, acknowledged that 600 million $GALA tokens worth around $21 million were sold illegally and 4.4 billion tokens were effectively burned in the exploit.
"We messed up our internal controls...This shouldn't have happened and we are taking steps to ensure it doesn't ever again," he wrote. He noted that the Ethereum (ETH) contract for $GALA remains secure and is being protected by a multi-sig wallet. The system breach was identified in 45 minutes, as per Schiermeyer, and the unauthorized access has since been removed.
He further revealed that the web3 gaming company believes the hacker has been identified. Gala Games is working with the FBI, DOJ, and "a network of international authorities" at this point, Schiermeyer added.
The Gala Games X handle also posted that the attack was an "isolated incident," adding that users will be provided with updates as the investigation continues.
Web3 gaming enthusiasts have since rallied behind Gala, with one pointing out that such a "straight to the point" acknowledgment of an exploit is what the community appreciates.
Gala is just one of a growing list of crypto and web3 companies that suffered a security incident this year. However, it is one of the largest known exploits so far in 2024, aligning it with the likes of crypto exchange FixedFloat, which lost some $29 million in two separate system breaches by the same exploiters.
The latest hacking incident in the crypto sector was that of Solana blockchain memecoin Launchpad Pump.fun, which lost nearly $2 million after an alleged insider job that involved flash loan attacks.
The memecoin factory said the exploit was carried out by a former employee who used "their privileged position at the company to misappropriate $12.3K SOL," Solana's native token. Unlike the Gala Games exploit wherein many users seemed to empathize with the web3 gaming platform, several users expressed frustration with Pump.fun, arguing that the coin deployer should determine which security areas it will work on moving forward.
© Copyright IBTimes 2024. All rights reserved.