What happened to Gala Games after the $214 million smart contract vulnerability in 2024?

Smart Contract Vulnerability: 50 billion GALA tokens unauthorized minting worth $214 million on May 20, 2024

On May 20, 2024, Gala Games experienced a critical smart contract vulnerability that exposed a fundamental weakness in the platform's token architecture. An unknown attacker exploited flaws in the GALA token's smart contract, gaining unauthorized access to the minting function. This exploitation resulted in the unauthorized minting of approximately 5 billion GALA tokens, valued at around $214 million at the time of the incident. The attacker immediately proceeded to sell these newly minted tokens on decentralized exchange Uniswap, flooding the market and triggering significant price pressure. GALA's market value plummeted roughly 15% following the security breach. CEO Eric Schiermeyer responded swiftly, confirming via social media that the company identified the smart contract compromise and secured unauthorized access within just 45 minutes. The rapid containment prevented further token minting, though the damage was substantial. According to official statements, the affected wallet was frozen to prevent additional unauthorized transactions. This smart contract vulnerability highlighted critical gaps in Gala Games' internal control systems and security protocols, demonstrating how sophisticated attackers could exploit blockchain infrastructure weaknesses to manipulate token supply at massive scale.

Network Attack Incident: pNetwork engineer's exposed private key and subsequent emergency response complications

The exploit unfolded when a compromised administrator address gained unauthorized access to Gala's token minting smart contracts. This individual, identified as a rogue engineer associated with pNetwork infrastructure, possessed an exposed private key that granted direct control over critical blockchain functions. The attacker exploited this vulnerability to mint 5 billion GALA tokens valued at approximately $240 million, demonstrating the catastrophic risks posed by inadequate private key management in decentralized systems.

The emergency response mechanisms faced significant complications despite Gala Games' swift intervention. Before security teams could fully contain the situation, the attacker successfully sold roughly 600 million tokens through Uniswap, converting approximately $21 million worth into other assets. This rapid liquidation highlighted the challenges in responding to on-chain exploits, where transactions execute in seconds and recovery becomes increasingly difficult as assets disperse across multiple platforms.

Gala Games ultimately contained the damage by freezing the remaining 4.4 billion GALA tokens still in the attacker's possession. However, the incident revealed critical vulnerabilities in access control protocols and emergency response procedures within the smart contract architecture.

Centralized Custody Risk: Exchange-dependent crisis management and $50 million compensation by Huobi and Gala Games

The pGALA incident exposed a critical vulnerability inherent in centralized custody models, where users' assets held on exchange platforms became concentrated targets during security breaches. When the smart contract vulnerability impacted Gala Games' ecosystem, the reliance on exchange custody mechanisms to manage user funds created significant operational challenges. This exchange-dependent approach to asset management meant that crisis response required coordination between multiple parties rather than direct protocol-level remediation, complicating recovery efforts and extending resolution timelines.

Recognizing the severity of this centralized custody risk, Huobi and Gala Games jointly committed to addressing victim losses through a structured compensation framework totaling $50 million. Huobi pledged $25 million comprising 15 million USDT and $10 million in equity compensation, while Gala Games contributed an equivalent $25 million package. This coordinated response demonstrated how exchange platforms and gaming projects must collaborate when centralized systems fail. The compensation plan underscored the limitations of depending on single custodians for asset security, ultimately reinforcing the need for decentralized custody alternatives and improved smart contract auditing protocols within the gaming ecosystem.

FAQ

What was the specific $214 million smart contract vulnerability in Gala Games in 2024, and how was it discovered?

A hacker exploited Gala Games smart contract vulnerability in May 2024, minting 5 billion GALA tokens worth approximately $214 million. Security researchers discovered the flaw, exposing critical platform security gaps and causing massive token value loss.

What impact did this security incident have on Gala Games users' funds and gaming assets?

The incident resulted in over $25 million in user losses. Affected users experienced significant cryptocurrency and in-game asset damage. Gala Games implemented compensation measures to reimburse impacted users, though complete details remained partially undisclosed as of February 2026.

What measures did the Gala Games team take to address and fix this smart contract vulnerability?

Gala Games patched the vulnerability through a hard fork and deployed a corrected smart contract version. The team compensated affected users for lost assets and implemented enhanced security audits to prevent future incidents.

How did the Gala Games token (GALA) price perform after this event, and has it recovered?

GALA token price declined following the incident, with only temporary recovery. As of February 7, 2026, the token has not rebounded to bull market levels, failing to capitalize on the broader crypto market recovery.

What impact did this event have on games and partners in the Gala Games ecosystem?

The Gala Games ecosystem remained unaffected by the pGALA vulnerability. The incident did not involve any contracts managed by Gala. ERC-20 GALA tokens are safe, and games and partners experienced no disruption to operations.