Hack Explained - Gala Games


Gala Games is a blockchain gaming platform that allows players to own and control their in-game assets through NFTs and decentralised gaming mechanisms. Recently, the platform suffered a significant security breach, resulting in the theft of approximately $240 million worth of GALA tokens. The root cause of the breach was identified as inadequate internal controls, which allowed the attacker to abuse the platform's administrative functions.

Behind the Breach

The hack occurred when an attacker gained access to a dormant admin address belonging to Gala Games. This unauthorised access enabled the attacker to mint 5 billion GALA tokens. The vulnerability exploited was an access control weakness: insufficient internal controls left a dormant address holding administrative privileges, including the ability to mint tokens. The attacker then sold 600 million of the newly minted tokens on decentralised exchanges such as Uniswap.

Lessons from the Incident

The breach underscores the necessity of robust internal security measures. The unauthorised sale of 600 million GALA tokens caused substantial financial and reputational harm to Gala Games. In response, Gala Games froze the compromised wallet and effectively burned the remaining 4.4 billion tokens to prevent further misuse.

Suggested Controls:

  1. Enhanced Access Control Mechanisms: Implementing multi-factor authentication (MFA) and more stringent access controls for sensitive administrative functions could prevent unauthorised access.

  2. Regular Security Audits: Conducting frequent and thorough security audits to identify and rectify potential vulnerabilities within the system.

  3. Incident Response Plan: Developing a robust incident response plan to swiftly address and mitigate security breaches as they occur.
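The weak pattern described under "Behind the Breach" (a single admin address that can mint without limit) and the first suggested control (stricter access controls for sensitive administrative functions) can both be shown in token code. The following is an added illustration written for this page, not Gala Games' contract and not a reconstruction of it. It assumes Solidity 0.8.20 and OpenZeppelin Contracts v5; the contract names, the role names, the cap and epoch parameters, and the freeze mechanism are all illustrative choices.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; assumes OpenZeppelin Contracts v5 is installed.
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";

/// Weak pattern: one externally owned admin key can mint any amount at
/// any time, with no cap and no second approver. If that key is leaked,
/// or its long-dormant holder is compromised, the whole supply is exposed.
contract SingleAdminToken is ERC20 {
    address public admin;

    constructor() ERC20("Weak", "WEAK") {
        admin = msg.sender;
    }

    function mint(address to, uint256 amount) external {
        require(msg.sender == admin, "not admin");
        _mint(to, amount); // no cap, no rate limit, no second approver
    }
}

/// Hardened pattern:
///  - minting requires MINTER_ROLE, which is intended to be granted to a
///    multisig or timelock contract rather than to a single EOA;
///  - DEFAULT_ADMIN_ROLE (who may grant roles) is separate from MINTER_ROLE;
///  - a hard supply cap bounds the worst case if a minter is compromised;
///  - a per-epoch mint allowance limits how much can be minted before
///    monitoring and responders have time to react;
///  - a freezer role can block outgoing transfers from a compromised address.
contract GuardedToken is ERC20, AccessControl {
    bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");
    bytes32 public constant FREEZER_ROLE = keccak256("FREEZER_ROLE");

    uint256 public immutable cap;         // absolute supply cap
    uint256 public immutable epochLimit;  // maximum mint per epoch
    uint256 public constant EPOCH = 1 days;

    uint256 private _epochStart;
    uint256 private _mintedThisEpoch;
    mapping(address => bool) public frozen;

    constructor(address roleAdmin, address minter, uint256 cap_, uint256 epochLimit_)
        ERC20("Guarded", "GRD")
    {
        cap = cap_;
        epochLimit = epochLimit_;
        _grantRole(DEFAULT_ADMIN_ROLE, roleAdmin);
        _grantRole(FREEZER_ROLE, roleAdmin);
        _grantRole(MINTER_ROLE, minter); // e.g. a multisig address
        _epochStart = block.timestamp;
    }

    function mint(address to, uint256 amount) external onlyRole(MINTER_ROLE) {
        require(totalSupply() + amount <= cap, "cap exceeded");
        // Roll the epoch window forward when it has expired.
        if (block.timestamp >= _epochStart + EPOCH) {
            _epochStart = block.timestamp;
            _mintedThisEpoch = 0;
        }
        require(_mintedThisEpoch + amount <= epochLimit, "epoch limit exceeded");
        _mintedThisEpoch += amount;
        _mint(to, amount);
    }

    /// Lets responders stop outgoing transfers from a compromised account
    /// while the incident is handled; the role admin can later burn via
    /// a separate governance action if desired.
    function setFrozen(address account, bool status) external onlyRole(FREEZER_ROLE) {
        frozen[account] = status;
    }

    // In OpenZeppelin v5, mint, burn and transfer all pass through _update,
    // so a single override enforces the freeze on every outgoing movement.
    function _update(address from, address to, uint256 value) internal override {
        require(!frozen[from], "sender frozen");
        super._update(from, to, value);
    }
}
```

The design point is separation and bounding: no single key should be able to both hold an unlimited mint right and grant that right to others, and even a legitimately held mint right should be capped in total and per time window so that an anomalous mint stands out and cannot drain the supply before anyone notices. Granting MINTER_ROLE to a multisig rather than an individual address is what turns the first suggested control into an on-chain requirement rather than an operational hope, and periodically reviewing which addresses hold roles (and revoking dormant ones) is the audit the second control calls for.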

