Blockchain sleuths have been working around the clock to trace the stolen funds. The primary wallet used in the attack has been labeled “GMQ_Drainer” by the analytics platform Arkham Intelligence.
So far, the trail leads through Tornado Cash—a cryptocurrency mixer often used to obfuscate transactions—and then onward to several decentralized exchanges. However, one slip-up by the hackers has given investigators a glimmer of hope.
In the chaos of the attack, one of the perpetrators accidentally sent 1.5 Ether (about $2,400) to a wallet linked to a known ransomware group from Eastern Europe. This connection has led the FBI’s Cyber Division to open a formal investigation, working alongside Europol and Interpol.
While no arrests have been made, a statement from the FBI’s San Francisco field office reads: “We are aware of the incident involving Galactic Monster Quest and are coordinating with international partners to identify those responsible. We encourage victims to report their losses to ic3.gov.”
Rumors have also swirled about an inside job. Former StellarForge lead developer Kieran “K1NG” O’Sullivan, who left the company under unclear circumstances three months prior, has been questioned by private security firms. O’Sullivan has denied any involvement, posting on X: “I loved GMQ. I would never destroy what I helped build. Find the real culprits.” Galactic Monster Quest Hacked
To date, no official suspect has been named.
If you are a player of Galactic Monster Quest, do not wait for the developers. Take these steps immediately:
(Recommendation: extract and preserve full logs, syscalls, network captures, DB query logs, and file system snapshots for these IoCs.)
| Metric | Pre-Hack (April 18) | Post-Hack (April 20) | Change | |--------|---------------------|----------------------|--------| | Active players | 212,000 | 48,000 | ▼ 77% | | Gem supply | 8.2M | 1.47B | ▲ 17,900% | | Legendary monster spawn rate | 0.07% | 94% (hacked clients) | N/A | | Average transaction value (marketplace) | 45 gems | 0.0003 gems | ▼ 99.999% | Blockchain sleuths have been working around the clock
Financial loss estimate (direct): $3.2M in unrealized gem sales + $890K in marketplace transaction fees (12-hour period).
In disaster, there is often a strange kind of beauty. For every player who raged against StellarForge, dozens more have rallied to support each other.
A grassroots movement called “Project Phoenix” has emerged on Discord, led by veteran GMQ players, modders, and former game testers. Their goal is twofold:
“The hackers stole our monsters, but they can’t steal our memories,” says “LyraStargazer,” one of Project Phoenix’s organizers. “And they definitely can’t stop us from building something better. We’re already looking at fork options—taking the original open-source elements and creating a community-owned version of GMQ.” If you are a player of Galactic Monster
Indeed, a decentralized group of blockchain developers has already begun work on “Galactic Monster Redemption,” a fork of the original game’s smart contracts with additional security layers and a mandatory 30-day lock on all high-value trades to prevent rapid liquidation exploits.
We spoke with Dr. Alisha Reed, a cybersecurity analyst specializing in gaming networks. She warns that the impact of this hack extends beyond Galactic Monster Quest.
“Because so many people reuse passwords across platforms, the Galactic Monster Quest hacked database is now a goldmine for credential stuffing attacks on banks, social media, and email accounts,” Dr. Reed explained. “If you played this game, assume your email and password are public. Immediately change your credentials on any other service that uses the same password. Also, enable two-factor authentication (2FA) everywhere.”
She also advised against engaging with “rebuild” communities. “Scammers are already creating fake ‘private servers’ claiming to have restored lost monsters. These are almost certainly phishing attempts.”