Gala Games Attacker Returns Ethereum After $240 Million Token Exploit

The as-yet-identified attacker behind Monday’s $240 million Gala Games token exploit has returned the Ethereum (ETH) gained from selling some of the tokens, as Gala reckons with the fallout from the attack and how to address lingering questions.

Approximately 5,913 ETH, or about $22 million, was sent back from the attacker’s wallet to a Gala wallet on Tuesday morning, representing the funds earned from selling 600 million GALA tokens on decentralized exchange Uniswap shortly after Monday’s exploit.

In Gala’s Discord server Tuesday, CEO Eric “Benefactor” Schiermeyer said that the firm will “probably buy and burn” GALA tokens using the recovered ETH—a move that could potentially drive up the price of the token following Monday’s dip.

On Monday, Schiermeyer wrote in a Discord announcement that the crypto gaming startup believed it knew who was behind the attack, and said it was working with authorities to bring the attacker to justice. The person in question has yet to be publicly identified, and Gala Games would not comment further beyond published statements.

Gala published a blog post recounting the attack and the firm’s countermeasures on Tuesday. A wallet with administrative access to the GALA token minting contract minted 5 billion GALA tokens on Monday, or about $240 million worth at the time of the exploit, and then proceeded to start selling them on the open market.

After about 45 minutes, Gala was able to block the wallet from making any further sales thanks to a function built into its v2 contract upgrade from last fall. The attacker was able to sell 600 million GALA tokens before that happened, and the price of GALA plunged by 20% during that span as the market contended with the flood of tokens.

“We want to assure our community that the minting capabilities of $GALA on GalaChain remain secure and uncompromised,” the post reads. “Our internal controls and multisig security protocols are designed to protect against such incidents, and we are continuously enhancing them to stay ahead of potential threats.”

However, while the firm claimed that the contract is secure, Schiermeyer previously wrote on Monday that Gala had “messed up” in regards to access to such functions.

"We messed up our internal controls... this shouldn't have happened and we are taking steps to ensure it doesn't ever again," he wrote Monday.

What about the other 4.4 billion GALA tokens? That’s nearly 9% of the total supply of 50 billion GALA tokens, and they currently sit frozen inside of the attacker’s wallet. On Monday, Schiermeyer wrote that they would be considered “effectively burned,” as they’re inaccessible and can’t be spent.

In other words, the Gala ecosystem would consider them removed from circulation. But now, it appears that Schiermeyer’s classification was premature, and the community of Gala network node operators will have the opportunity to vote on the question.

“A new Founder’s Node ecosystem governance vote will soon decide if the blocklisted GALA will be considered burned as it relates to GALA’s dynamic supply distribution model as described in the Gala Ecosystem Blueprint,” the post reads.

Edited by Ryan Ozawa.