More than $22 million worth of cryptocurrency was stolen from the Gala Games this week after someone compromised the blockchain platform. The company confirmed that it dealt with a security incident on 20 May, writing on social media that it was an “isolated incident, the cause of which has been addressed.”
“We are working closely with law enforcement to investigate the individuals behind the breach,” the company said, noting that it will provide updates as the investigation continues. Gala Games is a play-to-earn platform that rewards users with its own digital currency.[1]
Eric Schiermeyer, the founder of Gala Games, explained in his own social media post that the hacker was able to trade in 600 million GALA coins for 5,913 Ethereum, amounting to about $22.2 million. The hacker was able to create even more GALA coins, about 4.4 billion, but the person’s account was frozen by the platform before they could cash out the rest of their stolen loot. “I always knew there was a reason I never talk shit about other projects getting hacked...I'm sorry to say we had an incident that resulted in the unauthorized SALE of 600 million (21 million usd) $GALA tokens and the effective BURN of 4.4 billion tokens,” Schiermeyer said. When tokens are “burned” it means they can no longer be sold or used in other transactions. “We identified the compromise and within 45 minutes we secured and removed unauthorized access to the $GALA contract,” he added.
Schiermeyer went on to say that the attack happened because the platform’s internal controls were “messed up” and the company has identified the perpetrator. They are working with the FBI, US Justice Department and “a network of international authorities” on the incident.
Several blockchain security sleuths said the issue started when someone was able to take over an administrative account and mint an endless amount of new coins. Schiermeyer is best known for co-founding Zynga, a large gaming company behind popular online games like FarmVille. Gala Games was created in 2019, touting itself as the first blockchain gaming platform.
Similar platforms have been a frequent target for hackers. About $320,000 worth of Binance Coin (BNB) was stolen from cryptocurrency play-to-earn game WonderHero.
One of the biggest cryptocurrency hacks on record, involving the popular blockchain game Axie Infinity, saw more than $600 million siphoned from the platform in 2022.
The US Treasury Department attributed the Axie Infinity incident to North Korean government operators, who have stolen billions from cryptocurrency firms over the last three years.
This article is presented at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. Our services can help detect cyber threats and vulnerabilities. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com
Reporting: https://www.redskyalliance.org/
Website: https://www.redskyalliance.com/
LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5378972949933166424
[1] https://therecord.media/gala-games-cryptocurrency-theft/
Comments