Gala Games is a blockchain gaming platform that allows players to own and control their in-game assets through NFTs and decentralised gaming mechanisms. Recently, the platform suffered a significant security breach, resulting in the theft of approximately $240 million worth of GALA tokens. The high-level cause of this breach was identified as inadequate internal controls, which allowed the hacker to exploit the system.
The hack occurred when a hacker gained access to a dormant admin address within Gala Games. This unauthorised access enabled the hacker to mint 5 billion GALA tokens. The key vulnerability exploited was an access control weakness, allowing the attacker to leverage insufficient internal controls to gain administrative privileges. The hacker then sold 600 million of these newly minted tokens on decentralised exchanges such as Uniswap.
The breach underscores the necessity of robust internal security measures. The unauthorised sale of 600 million GALA tokens caused substantial financial and reputational harm to Gala Games. In response, Gala Games froze the compromised wallet and effectively burned the remaining 4.4 billion tokens to prevent further misuse.
Enhanced Access Control Mechanisms: Implementing multi-factor authentication (MFA) and more stringent access controls for sensitive administrative functions could prevent unauthorised access.
Regular Security Audits: Conducting frequent and thorough security audits to identify and rectify potential vulnerabilities within the system.
Incident Response Plan: Developing a robust incident response plan to swiftly address and mitigate security breaches as they occur.