On September 13th, according to X-explore monitoring, Gala Game token GALA faces a "fake deposit" risk on CEX due to contract changes. Exploiting this vulnerability, hackers withdrew all GALA tokens worth 2.7 ETH from Coinhub on September 6th.
X-explore reports that GALA underwent a significant upgrade on May 15, 2023, with an updated token contract address. As a result, there are now two tokens in circulation, both referred to as GALA. The exchange rate between the old GALA and the regular GALA is 1:12. Since July 27th of this year, the attacker has been using the old GALA token to deposit on various exchanges to test fake deposits.
The same hacker was also involved in the LDO "fake deposit" incident and last year's Nomad Bridge attack. On September 6th, the hacker deposited the old GALA token into CoinHub, successfully tricking the exchange into treating the deposited old GALA as genuine Gala tokens. The hacker then withdrew the real Gala tokens, leaving only $168 worth of Gala in the exchange's hot wallet and making a profit of 2.7 ETH.
In prior reports, according to the SlowMist security team's on-chain intelligence, LDO's Token contract had a potential "fake deposit" risk, and malicious actors might attempt fraudulent activities using this feature.
In response, Lido Finance stated that, despite claims that the hacker exploited known security vulnerabilities in the LDO token contract, LDO and stETH tokens remain secure. Lido has not confirmed any vulnerabilities but acknowledges that security vulnerabilities are known.
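The deposit check that the GALA incident above calls for, as an added example that is not code from X-explore, the exchange or the token project: deposits are credited by the emitting contract address, never by token symbol, and a symbol collision on an unlisted contract raises an alert. The addresses, the decimals value, the `TransferLog` record and the sample logs are constructed placeholders.

```python
from dataclasses import dataclass
from decimal import Decimal

# Constructed placeholders, not real on-chain addresses.
NEW_GALA = "0x" + "aa" * 20    # current contract, the one the exchange lists
OLD_GALA = "0x" + "bb" * 20    # superseded contract that reports the same symbol
HOT_WALLET = "0x" + "11" * 20  # exchange deposit address

# Listing table keyed by contract address; the decimals value is an assumption.
LISTED = {NEW_GALA: {"asset": "GALA", "decimals": 8}}
LISTED_SYMBOLS = {t["asset"] for t in LISTED.values()}

@dataclass
class TransferLog:
    contract: str       # address that emitted the Transfer event
    symbol: str         # symbol() reported by that contract; not trustworthy
    to: str             # recipient of the transfer
    raw_amount: int     # amount in the token's smallest unit
    tx_success: bool    # receipt status of the transaction
    confirmations: int

def evaluate_deposit(log, min_conf=12):
    """Return (decision, asset, amount) for one observed Transfer log."""
    if log.to.lower() != HOT_WALLET or not log.tx_success:
        return ("ignore", None, Decimal(0))
    token = LISTED.get(log.contract.lower())
    if token is None:
        # Unlisted contract. A symbol that collides with a listed asset is
        # the fake-deposit pattern, so alert instead of silently dropping it.
        decision = "alert" if log.symbol.upper() in LISTED_SYMBOLS else "ignore"
        return (decision, None, Decimal(0))
    if log.confirmations < min_conf:
        return ("pending", token["asset"], Decimal(0))
    amount = Decimal(log.raw_amount) / (Decimal(10) ** token["decimals"])
    return ("credit", token["asset"], amount)

# Constructed sample logs: a genuine deposit, an old-contract deposit with the
# same symbol, and a genuine deposit that is not yet confirmed.
SAMPLE_LOGS = [
    TransferLog(NEW_GALA, "GALA", HOT_WALLET, 1_200_000_000, True, 30),
    TransferLog(OLD_GALA, "GALA", HOT_WALLET, 1_200_000_000, True, 30),
    TransferLog(NEW_GALA, "GALA", HOT_WALLET, 500_000_000, True, 3),
]

if __name__ == "__main__":
    for entry in SAMPLE_LOGS:
        print(entry.contract[:6], evaluate_deposit(entry))
```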