Web3 gaming network Gala Games was exploited for more than $200 million on May 20, leading to a 20% drop in the price of its native token GALA. Less than a day later, all the stolen funds still in the hacker’s possession had been sent back.
The hacker exploited the protocol and minted 5 billion GALA tokens by gaining control of the mint function. According to Gala Games CEO Eric Schiermeyer, the Ethereum contract for GALA was never compromised, but the hack was possible because the protocol “messed up” internal controls.
“We believe we have identified the culprit and we are currently working with the FBI, DOJ and a network of international authorities,” said Schiermeyer.
The Gala team said that they had worked quickly to freeze 90% of the tokens in the unauthorized wallet around 45 minutes from the time they detected the suspicious transfer. The team was able to use a new feature that was implemented in the protocol’s version 2 contract upgrade to blocklist the wallet.
However, the exploiter was able to sell 600 million GALA tokens for a little over $20 million through the decentralized exchange Uniswap.
Although the funds have since been returned, the question of what to do with the frozen, illegitimately minted tokens remains. Gala now plans to hold a governance vote on whether to burn the 4.4 billion GALA tokens that were frozen. Doing so would involve upgrading the contract and implementing a hotfix that removes the illegitimate supply, along with a token burn that sends these tokens to an address from which they cannot be retrieved.
A new 24 hour Gala Founder’s Node governance is now live, in which operators will decide if a $GALA contract upgrade will be deployed in order to enhance security and burn ~5B illegitimate $GALA that resulted from a recent unauthorized minting incident. https://t.co/iGSKP9Y3Gv
— Gala Games (@GoGalaGames) May 22, 2024
If approved, the contract upgrade and token burn are set to take place within the next 72 hours.