Essential Insights
-
Major Exploit: On July 9, decentralized platform GMX lost $42 million due to a hack involving stolen assets like $10 million in Frax Dollar and $9.6 million in wrapped Bitcoin.
-
Funds Conversion: The hacker converted most of the stolen funds into 11,700 ETH, moving them to multiple wallets after bridging $9.6 million to Ethereum.
-
Protocol Response: GMX paused minting and redemption of GLP tokens and offered a $4.2 million bounty to the hacker for returning 90% of the funds with no legal repercussions.
- Attack Investigation: A design flaw in GMX V1 allowed a re-entrancy exploit, enabling the attacker to manipulate token prices and profit from redeeming inflated GLP tokens.
GMX Hacker Converts Stolen Loot into 11,700 ETH
On July 9, the decentralized trading platform GMX faced a critical security breach, resulting in the loss of $42 million in various cryptocurrencies. Following the incident, blockchain data revealed the hacker transformed most of the stolen assets into an impressive 11,700 ETH.
The Attack Details
During this exploit, the hacker pilfered over $10 million worth of Frax Dollar (FRAX), $9.6 million in wrapped Bitcoin (wBTC), and around $5 million in DAI stablecoin. The attacker subsequently bridged $9.6 million of these funds to the Ethereum blockchain, exchanging them for DAI and ETH while leaving about $32 million on Arbitrum.
GMX publicly confirmed the theft through a post on X, stating, “The GLP pool of GMX V1 on Arbitrum has experienced an exploit. Approximately $40M in tokens has been transferred from the GLP pool to an unknown wallet.” Notably, GMX V2 and its related markets were unaffected.
To enhance security, GMX paused GLP token minting and redemption across both Arbitrum and Avalanche. Users received guidance to disable leverage and update their settings to minimize further risks.
An Offer Seized
In an intriguing turn, GMX communicated an on-chain message to the hacker. They offered a white-hat bounty of $4.2 million, promising no legal repercussions if the hacker returned 90% of the assets within 48 hours. However, there has been no response as of yet.
Understanding the Exploit
Though a complete postmortem report is pending, blockchain security firm SlowMist has identified a design flaw in GMX V1 as the root cause of the breach. The exploit enabled manipulation of the GLP token price, which was achieved through a re-entrancy attack. This type of attack allows multiple calls within a single function, leading to incorrect balance calculations. By opening large short positions, the hacker distorted global price data, artificially inflating the GLP token price for profit.
Cybersecurity Remains a Concern
Hacking incidents like this highlight ongoing vulnerabilities in the crypto industry. Recent reports indicate over $801.3 million was lost in 144 incidents during Q2 2025, with phishing and code vulnerabilities being major contributors.
The GMX hack serves as a reminder of the need for robust cybersecurity measures. As the cryptocurrency landscape continues to evolve, securing platforms against such threats becomes increasingly vital for fostering trust and innovation in the technology sector.
Stay Ahead with the Latest Tech Trends
Stay informed on the revolutionary breakthroughs in Quantum Computing research.
Stay inspired by the vast knowledge available on Wikipedia.
Disclaimer
This content is for informational and entertainment purposes only and does not constitute financial or investment advice. Cryptocurrency is highly speculative and carries significant risk, including the potential loss of your entire investment. Do not make financial decisions based on this information. Consult a licensed financial advisor before investing. This site does not offer, sell, or advise on cryptocurrency, securities or other regulated financial products in compliance with SEC and applicable laws. Please do your own research and seek professional advise.
CryptoV1
