On the evening of October 6th, the Web3 community development platform Galxe fell victim to a hacker intrusion. Initial assessments suggest that this was a front-end takeover attack.
On X, Galxe announced that their project website was no longer operational, and their team was working to address the issue. They also advised users not to connect their wallets to the platform during this period.
🚨 Attention Community! At the moment, the Galxe website is down and we’re working on repairing the issue. Please do not connect your wallet to Galxe for the timebeing.
The issue will be resolved shortly, thank you for your patience!
— Galxe (@Galxe) October 6, 2023
According to the technical assessment by Peckshield, it is highly likely that the front-end of the project was compromised. Users were cautioned not to “Approve” permissions for unfamiliar links on the current Galxe website platform.
#PeckShieldAlert @Galxe seems to be compromised.
Do *NOT* click the phishing link https://t.co/w2XWHcKD7B pic.twitter.com/UnYVqnG9mG— PeckShieldAlert (@PeckShieldAlert) October 6, 2023
A front-end attack is a type of cyberattack where hackers inject malicious code into the website’s interface, tricking visitors into clicking on harmful links, ultimately leading to the theft of funds.
The on-chain detective ZachXBT swiftly investigated the attacker’s wallet address. Interestingly, it appears to be the same address used in a previous front-end attack on Balancer not long ago. As of the time of writing, the hacker had successfully withdrawn over $100,000 in user funds from Galxe.
Stolen funds are being directed to here
0x4103baBcFA68E97b4a29fa0b3C94D66afCF6163d
It seems to likely be the same scammer who did the Balance frontend attack recently. pic.twitter.com/SovOGGn8GE
— ZachXBT (@zachxbt) October 6, 2023
The technical issues faced by Galxe in their product are causing significant disruptions for many users, particularly since many users had chosen to participate in retroactive reward tasks within the platform’s ecosystem.
At the time of writing, the token price of GAL had experienced a slight decline of 2.28%, reaching the $1.14 USD range.
