The Gala Games CEO owned up to the lapse in internal controls that resulted in the theft.
Web3 gaming project Gala Game was exploited by an unknown attacker, who was described as a compromised or rogue admin address, minted 5 Billion GALA, worth more than $200 million. The security incident has since been contained while the affected wallet has been frozen.
The team also said that the exploit was an isolated incident and law enforcement agencies have been roped in to identify the perpetrator.
‘Isolated Incident’
The exploit on Gala Games resulted in the unauthorized sale of 600 million of the tokens valued at $29 million worth at the time of the exploit via the decentralized exchange Uniswap. According to Solidity developer 0xquit, the attacker can create an additional 12 billion tokens before reaching the maximum limit.
However, the address that was exploited has been blocked, preventing further actions from that address. For the bad actor to mint or steal more tokens, they would need to gain access to a different administrator address.
Gala Games’ CEO Eric Schiermeyer took to X (formerly Twitter) to reveal that the exploit was identified within 45 minutes following which the team secured and removed unauthorized access to the GALA contract.
But this action did not stop the price of GALA from crashing almost 20% on May 21st from $0.048 to $0.039. The token has since stabilized.
Gala Games CEO Owns Up to Lapse
The exec admitted that Gala Games had failed to implement proper internal controls, leading to this unfortunate incident that should never have occurred. While Schiermeyer stated that the team believes they have identified the culprit behind the attack, they are now working closely with the FBI, Department of Justice, and international authorities to further investigate and address the matter.
Additionally, the CEO highlighted the pressing issue of the daily token distribution, stating that the community would decide through a node vote on how to proceed with handling this aspect.
“We messed up our internal controls…This shouldn’t have happened and we are taking steps to ensure it doesn’t ever again. We believe we have identified the culprit and we are currently working with the FBI, DOJ and a network of international authorities.”