Gala Games Hack

Gala Games experienced the exploit in a potential private key leakage, which led to 5,000,000,001 $GALA tokens being minted, estimated at ~$220M at the moment of the hack. The exploiter started to exchange the tokens in batches via 0x Protocol.

Gala Games experienced a security incident on May 20 where a hacker exploited an access control vulnerability in the GALA token contract, seizing control of an admin address to mint 5 billion GALA tokens worth $216 million. The hacker quickly sold 592 million tokens for $21.8 million in ETH on decentralized exchanges like Uniswap and 0xProject, causing the token's price to drop by 20%. Gala Games detected the exploit, activated their blocklist function, which had been implemented a year earlier, and froze the rogue wallet, mitigating further damage.

The Ethereum contract for GALA was secure and under the protection of a multi-sig wallet. The company worked with the FBI, DOJ, and international authorities to identify the hacker, who later returned approximately $22 million in ETH to a Gala-controlled wallet. The remaining funds were secured, and Gala Games plans to use the returned ETH to buy back and burn GALA tokens to stabilize the supply.

Despite the rapid response, the incident caused significant market disruption, contrasting with the broader market rally following Ethereum ETF approval news. The exploit highlighted critical access control failures and suspicious internal activities, with historical incidents suggesting potential internal sabotage.

Attacker:

https://etherscan.io/address/0xe2ca4711…100f97

Mint tx:

https://etherscan.io/tx/0xa6d90abe…f077fe

List of sell txs can be found here:

https://etherscan.io/token/0xd1d2eb1b…c87cae?a=0xe2ca4711…100f97