Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
The token GALA of the blockchain gaming platform Gala Games underwent a major upgrade on May 15, 2023, and the token contract address was updated. As a result, there are now two tokens in circulation, both called GALA. The price ratio of old GALA and normal GALA is 1:12. The attacker has been using old GALA tokens to deposit funds on various exchanges since July 27 this year to test fake deposits. At the same time, hackers were also involved in the LDO “fake top-up” incident and the Nomad Bridge attack last August. On September 6, hackers deposited old GALA tokens to CoinHub, successfully causing the exchange to treat the deposited old GALA tokens as normal GALA tokens. Then the hacker user withdrew the real GALA. Now there is only $168 worth of GALA left in the exchange hot wallet, and the hacker earned 2.7 ETH. Attack method (per SlowMist): False top-up. Reported loss: 2.7 ETH.
- chain
- —
- protocol
- Gala Games
- bug_class
- private-key
- date_occurred
- 2023-09-06
- loss_usd
- —
- source_id
- sm:gala-games::2023-09-06