On May 20, the Web3 gaming project Gala Games suffered a major security breach. A hacker exploited the platform’s smart contracts to mint 5 billion GALA tokens worth approximately $214 million.
The incident sent shockwaves through the community and sparked widespread speculation.
Key details of the Gala Games exploit and community reaction:
After exploiting the smart contract, the hacker quickly sold 592 million GALA in exchange for 5,952 ETH, or about $21.8 million. The Gala Games team immediately took action to mitigate the damage. They blacklisted the hacker's address, freezing its ability to sell more tokens.
In a public statement, the team stressed their commitment to security and transparency. They assured users that they are currently working with law enforcement to track down the perpetrators.
The statement noted: "This incident has been confirmed as a single incident and we have addressed its cause. At the same time, we will continue to update the progress of the investigation and take all necessary precautions to avoid such incidents from happening again."
Gala Games CEO Eric Schiermeyer expressed regret for the incident. He noted that the vulnerability was identified and secured within 45 minutes. In addition, he emphasized that their GALA ETH contract remains secure and protected by a multi-signature wallet.
Schiermeyer said: "We have failed to address our internal controls. This should never have happened, and we are taking action to ensure it does not happen again. We believe we have identified the perpetrator and are currently working with the FBI, DOJ, and international agencies. In addition, we have issues with daily allocations to resolve. We will decide how to handle this issue by voting by nodes. As always, the community's decision will guide our actions."
Schiermeyer's admission of internal control failures is consistent with the findings of Solidity developer Quit, who pointed out that the address that caused the security vulnerability had administrator-level permissions, which allowed it to perform arbitrary operations on smart contracts. Quit advocated that contracts that give administrators unlimited power to mint tokens at will should be banned.
After the hack, the price of $GALA plummeted from $0.047 to $0.038. However, at the time of writing, it has recovered slightly to $0.041.
Conclusion:
Gala Games suffered a major security breach when a hacker exploited the platform’s smart contracts to mint 5 billion GALA tokens worth $214 million, then quickly sold some of the tokens for ETH. The company responded quickly by blacklisting the hacker’s address and freezing its ability to trade, while working with law enforcement to track down the perpetrator. CEO Eric Schiermeyer acknowledged that internal controls failed and said steps were being taken to prevent a similar incident from happening again. The community participated in decision-making through node voting, demonstrating the power of decentralized governance.
This incident highlights the challenges that Web3 projects face in terms of security, while also demonstrating the transparency and cooperation of the community and team in responding to crises. As the investigation proceeds and security measures are strengthened, Gala Games and the entire cryptocurrency community will hopefully learn from this and work together to build a more secure and stable network environment. The community's involvement and the team's proactive actions lay the foundation for Gala Games' future and set an example for improving security standards across the industry. #GalaGame #黑客