Gala Games Hacked In $21M Worth In ETH. What Happened?

Gala Games on the Ethereum blockchain faced a shocking security breach. The incident has raised significant questions about blockchain security and the future of digital assets.

<img src="gala games, ethereum, security, blockchain.png" alt="">

A few weeks ago, on May 21st, 2024, a significant security breach occurred involving the Web3 game Gala Games, which operates on the Ethereum blockchain. This incident, moreover, was one of the major attacks. Consequently, it contributed to Ethereum being the most targeted blockchain during that period.

Eric Schiermeyer, the founder of Gala Games, shared on his social media that a hacker managed to exchange 600 million GALA coins for 5,913 Ethereum, which is roughly $22.2 million. Furthermore, the hacker created approximately 4.4 billion more GALA coins; however, their account was frozen by the platform before they could withdraw the remaining stolen funds.

Gala Games confirmed the partial return of funds and is closely monitoring the situation. As a result, the exploit led to the unauthorized creation and sale of 5 billion GALA tokens, causing a sharp drop in their market value. Although some funds have been recovered, the incident has raised serious concerns about security and its impact on the Gala community.


What was the 21 million exploit ?

Hackers exploited vulnerabilities within the Gala Games platform. Consequently, this led to the unauthorized minting of 5 billion GALA tokens. These tokens were initially valued at around $200 million. The attackers managed to swap approximately $21 million worth of GALA tokens for Ethereum; however, the breach was contained shortly afterward.


Gala Security Breach and Its Impact on the Crypto Industry

This exploit was among the most significant attacks on ETH in May 2024, and consequently, it contributed to the network accounting for 43% of the total cryptocurrency losses from hacks and fraud that month. Moreover, the incident caused a notable drop in the price of GALA tokens and subsequently led to panic selling among token holders.

Gala Games quickly acted by adding the attacker’s address to a blocklist, preventing further liquidation of the stolen tokens. The team collaborated with international law enforcement agencies, including the DOJ and FBI, to investigate the breach and, as a result, recover some of the stolen assets.

In the aftermath, Gala Games acknowledged internal control failures and, consequently, committed to improving security protocols to prevent future incidents. Furthermore, they assured that their Ethereum contract for GALA tokens remained secure and emphasized the need for stricter security practices.

This incident highlights the need for strong security and, therefore, swift response to reduce the impact of blockchain exploits.


What Measures Could Have Been Taken By Gala To Avoid The Exploit?

<img src="gala games, ethereum, security, blockchain.png" alt="">

To prevent the exploit that Gala Games faced, they could have implemented several security measures:

Strict Access Controls to Prevent Security Breaches

Multi-Signature Wallets: Implement a multi-signature wallet for critical administrative functions. This requires multiple authorized users to approve transactions, significantly reducing the risk of a single point of failure.

Role-Based Access Control (RBAC): Implement granular access control policies to ensure you grant permissions to users based on their roles.

Regular Security Audits

External Audits: Conduct regular and thorough security audits by reputable third-party firms, like Certik to identify and mitigate vulnerabilities in the smart contract code.

Internal Code Reviews: Perform frequent internal code reviews to catch potential security flaws early in the development process.

Advanced Monitoring and Incident Response

Real-Time Monitoring: Utilize real-time monitoring tools to detect suspicious activities promptly. Automated alerts can notify the team of unusual transactions or access attempts.

Incident Response Plan: Develop and maintain a comprehensive incident response plan that includes predefined steps for addressing security breaches quickly and effectively.

Enhanced Authentication Mechanisms

Two-Factor Authentication (2FA): Enforce 2FA for all administrative access to sensitive systems and wallets.

Hardware Security Modules (HSM): Use HSMs to manage and protect cryptographic keys used in critical operations.

Security Awareness and Training for Breach Prevention

Regular Training: Conduct regular security training sessions for all employees, emphasizing the importance of cybersecurity best practices and the proper handling of sensitive information.

Phishing Simulations:

Run phishing simulations to educate employees on recognizing and responding to social engineering attacks. Additionally, these simulations will help them to better understand the tactics used by attackers.

Integration with Trusted dApps

Collaborate with trusted decentralized applications to enhance overall security and resilience against future exploits.

<img src="gala games, ethereum, security, blockchain.png" alt="">

Smart Contract Security Practices

Immutable Contracts: Design smart contracts to be immutable where possible; consequently, this prevents unauthorized changes after deployment.

Fail-Safe Mechanisms: Implement fail-safe mechanisms like pause or emergency stop functions in smart contracts to activate upon detecting an exploit.

Community and Ecosystem Engagement

Bug Bounty Programs: Establish and promote bug bounty programs to encourage security researchers to find and report vulnerabilities.

Transparent Communication: Maintain transparency with the community about security practices and incidents, thereby fostering trust and collaboration.


The recent exploit of Gala Games underscores the critical importance of robust security measures in the blockchain space. Despite the $21 million return, platform vulnerabilities led to a $200 million loss and a drop in GALA token value. This major May 2024 attack on Ethereum underscores the need for continuous security enhancements. Therefore, these should include strict access controls, regular audits, real-time monitoring, and moreover, collaboration with trusted decentralized applications. Moreover, it emphasizes the importance of securely maintaining digital assets in safe gaming wallets, thereby safeguarding users’ investments against potential exploits.