Gala Games Exploiter Returns $20 Million Following Protocol Intervention
In a dramatic turn of events, Gala Games, a Web3 gaming network, saw the return of over $20 million just a day after freezing 90% of stolen funds following a major exploit. On May 20, Gala Games was hacked, resulting in the theft of more than $200 million and causing a 20% drop in the price of its native token, GALA. Remarkably, all stolen funds still held by the hacker were returned within 24 hours.
The breach occurred when the hacker gained control of the mint function, allowing them to create 5 billion GALA tokens. Gala Games CEO Eric Schiermeyer clarified that the Ethereum contract for GALA remained secure; the exploit succeeded due to internal control failures.
“We believe we have identified the culprit and are collaborating with the FBI, DOJ, and a network of international authorities,” Schiermeyer stated.
The Gala team acted swiftly, freezing 90% of the unauthorized tokens within 45 minutes of detecting the suspicious activity. They leveraged a new feature from the protocol’s version 2 contract upgrade, which enabled them to blocklist the compromised wallet. Despite these efforts, the hacker managed to liquidate 600 million GALA tokens on the decentralized exchange Uniswap, netting a little over $20 million.
While the return of the stolen funds is a positive development, it leaves Gala with the dilemma of handling the frozen, illegitimately minted tokens. The company plans to hold a governance vote on whether to burn the 4.4 billion frozen GALA tokens. This process would involve upgrading the contract and implementing a hotfix to remove the illegitimate supply, followed by a token burn to send these tokens to an irretrievable address.
If the governance vote passes, the contract upgrade and token burn are expected to occur within the next 72 hours.
Leave a comment