- Gala Games exploiter has returned $22 million he had stolen from the project
- The project said that it had involved law enforcement agencies immediately after the exploit
- Gala Games disclosed that they’ll use the funds to buy back GALA tokens to replenish part of those stolen
Web3 gaming startup Gala Games has revealed that it has received slightly above $22 million from a malicious actor who had exploited the project on May 20 and stole GALA tokens worth roughly $200 million. According to the project, the attacker was only able to pocket $22 million worth of tokens before his wallet was frozen. Gala said that it will use the recovered funds to buy back the tokens, something that may improve users’ confidence in the project.
Exploiter Identified
The exploiter returned the funds on May 21, roughly a day after stealing the tokens. Gala Games said that their swift involvement of law enforcement agencies enabled them to corner the attacker, forcing him to return the funds.
Update: The funds from the recent security incident have been recovered.
At this time we will be using #GalaSwap to convert the Ethereum back to $GALA.
— Gala Games (@GoGalaGames) May 21, 2024
In a post shortly after the exploit, Gala Games co-founder Eric Schiermeyer claimed that they had identified the attacker including his physical address. Although Gala has yet to disclose how the attack happened, some community members allege that it was due to a security contractor connecting to the wallet without a VPN.
The account connected to the wallet connected most of the time via a VPN…and once without a VPN.
The IP address they connected from is a known address.
— Jason Brink aka BitBender (@BitBenderBrink) May 21, 2024
Gala Governance Proposal on the Table
Gala has also announced a “new 24-hour Gala Founders Node governance” proposal to decide on upgrading the project’s token contract and to consider the frozen tokens burnt.
A new 24 hour Gala Founder’s Node governance is now live, in which operators will decide if a $GALA contract upgrade will be deployed in order to enhance security and burn ~5B illegitimate $GALA that resulted from a recent unauthorized minting incident.https://t.co/iGSKP9Y3Gv
— Gala Games (@GoGalaGames) May 22, 2024
The Gala saga comes nine months after the web3 gaming startup’s co-founder sued the CEO on allegations of token theft. A year ago, Gala took pNetwork to court blaming it for a hack where it lost more than one million dollars.
With the Gala exploiter returning stolen funds and a proposal to upgrade the token contract, it’s to be seen whether the security incident will affect the project’s adoption.
