Gala Games (GALA token contract): Compromised Admin Account — Unauthorized Token Minting
An attacker reactivated a 180-day-dormant Gala Games MINTER account to mint 5 billion GALA tokens (nominally $216M), sold 592 million for $21.8M in ETH before Gala's own blocklist function halted further sales — with all funds mysteriously returned the next day.
Summary #
Gala Games (GALA token contract) suffered a Gaming Token / NFT Platform on 2024-05-21, resulting in a loss of approximately $22M.
What happened #
An attacker reactivated a 180-day-dormant Gala Games MINTER account to mint 5 billion GALA tokens (nominally $216M), sold 592 million for $21.8M in ETH before Gala's own blocklist function halted further sales — with all funds mysteriously returned the next day.
Linked factors #
- RD-F-007 — related : Bug bounty absent — baseline integrity gap [via dashboard_risk_factors/Bug bounty: Unknown]
- RD-F-027 — causal : ★ Single admin EOA — when value mentions key compromise [via realtime_signals/Governance/admin action: Y — admin mint function exercised by compromised/unauthorized account]
- RD-F-031 — causal : Signer rotation recency [via cross-hack: Factor 56: Dormant Admin Key > 30 Days]
- RD-F-101 — illustrative : Large governance proposal queued — RT signal would have fired [via realtime_signals/Governance/admin action: Y — admin mint function exercised by compromised/unauthorized account]