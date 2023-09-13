According to X-explore monitoring, the Gala Game token, GALA, has a risk of "fake recharge" on centralized exchanges (CEX) due to contract changes, leading to a successful attack by hackers on September 6. The vulnerability allows hackers to exploit old GALA tokens to recharge on various exchanges and transfer it out as real GALA tokens, resulting in a loss of 2.7 ETH worth of GALA from CoinHub.

With a major upgrade planned for May 15, 2023, GALA will update its token contract address, creating two different tokens currently in circulation, both called GALA. Hackers have been testing fake recharges by using old GALA tokens on various exchanges since July 27. The price ratio between old GALA tokens and normal GALA tokens is currently 1:12. This attacker was also involved in the LDO "fake recharge" incident and the Nomad Bridge attack last year.

This incident follows similar on-chain intelligence from SlowMist security regarding potential "fake recharge" risks for LDO's token contract. While Lido Finance has not confirmed any vulnerabilities, it acknowledged the known security holes in its LDO and stETH tokens.

