A Recent Upgrade in GALA Token Contract Address Opens Loophole for Hackers
A recent upgrade of the GALA token contract has created a vulnerability that hackers are exploiting to target cryptocurrency exchanges. The upgrade generated a new contract address for the GALA token, so two versions of the token now circulate: the “old Gala” and the “new Gala.” The price ratio between these two tokens is set at 1:12.
A crypto security researcher named X-explore discovered that hackers had already taken advantage of this loophole on September 6th by withdrawing all GALA tokens from Coinhub, a Mongolian crypto exchange. So far, Coinhub has not made any public statements regarding this incident. It is uncertain how many other trading platforms are susceptible to this attack.
X-explore emphasizes that fake deposits have always been a significant security concern for crypto exchanges. They urge these platforms to update the contract addresses of the tokens they accept for deposit and to review their asset verification processes.
It is worth noting that SlowMist analysts previously warned about a similar operational issue with the LDO Token contract, which has also been exploited by hackers. X-explore believes that the same individuals involved in the GALA token attack were responsible for previous attacks involving LDO false top-ups and the Nomad Bridge attack in August 2023.
Hot Take: Cryptocurrency Exchanges Must Stay Vigilant Against Exploits
The recent GALA token contract address upgrade has exposed vulnerabilities in cryptocurrency exchanges, making them susceptible to fake top-ups using old tokens. This incident serves as a reminder for exchanges to prioritize security measures and regularly update their systems to defend against evolving hacking techniques. By ensuring that token addresses are up-to-date and implementing robust asset verification processes, exchanges can reduce the risk of falling victim to such attacks.
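The deposit check recommended above, sketched as an added example (not code from X-explore, Coinhub, or the GALA project): a deposit is credited only when the ERC-20 Transfer event was emitted by an allowlisted contract address, so a transfer of the old token is rejected even though it looks like GALA. The contract and deposit addresses, the sample logs, and the tx_success field (standing in for the transaction receipt status) are constructed for illustration.

```python
# Added example: constructed addresses and logs, not real on-chain values.
# keccak256("Transfer(address,address,uint256)"), the standard ERC-20 event topic.
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"

# Hypothetical placeholders for the pre- and post-upgrade token contracts.
OLD_GALA = "0x" + "a1" * 20
NEW_GALA = "0x" + "b2" * 20
SUPPORTED = {NEW_GALA: "GALA"}          # contract address -> credited asset
DEPOSIT_ADDRS = {"0x" + "c3" * 20}      # exchange-controlled deposit addresses


def topic_to_addr(topic):
    """An indexed address is the low 20 bytes of a 32-byte topic."""
    return "0x" + topic[-40:].lower()


def classify(log):
    """Return (asset, amount) to credit, or (None, reason) to reject."""
    topics = log.get("topics", [])
    if len(topics) != 3 or topics[0].lower() != TRANSFER_TOPIC:
        return None, "not an ERC-20 Transfer event"
    if topic_to_addr(topics[2]) not in DEPOSIT_ADDRS:
        return None, "recipient is not a deposit address"
    # Key on the emitting contract, never on a symbol or name it reports.
    asset = SUPPORTED.get(log["address"].lower())
    if asset is None:
        return None, "emitting contract is not on the allowlist"
    # tx_success is a hypothetical field mirroring the receipt status.
    if not log.get("tx_success") or log.get("removed"):
        return None, "transaction failed or log was reorged out"
    return asset, int(log["data"], 16)


def make_log(contract, amount, ok=True):
    """Build a constructed Transfer log addressed to the deposit address."""
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": contract, "tx_success": ok, "removed": False,
            "topics": [TRANSFER_TOPIC, pad("0x" + "d4" * 20),
                       pad("0x" + "c3" * 20)],
            "data": hex(amount)}


if __name__ == "__main__":
    for name, log in [("new contract", make_log(NEW_GALA, 1200)),
                      ("old contract", make_log(OLD_GALA, 1200)),
                      ("failed tx", make_log(NEW_GALA, 1200, ok=False))]:
        print(name, "->", classify(log))
```

After a contract migration, the allowlist is the single place that has to change: the old address is removed and the new one added before deposits resume.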