Decentralized Exchange GMX Exploited for $42M, Offers Hacker 10% White Hat Bounty
ARBITRUM NETWORK, JUL 9 – A vulnerability in GMX V1's code enabled an attacker to drain $40 million, prompting a trading halt and a 10% bounty offer for fund recovery, industry experts said.
- On July 11, 2025, the decentralized exchange GMX experienced a significant security breach that resulted in the loss of approximately $42 million from its GLP asset pools on the Arbitrum and Avalanche networks.
- The breach exploited a re-entrancy vulnerability allowing abnormal minting of GLP tokens, while investigation into the exact cause remains inconclusive.
- GMX halted trading and minting on its V1 platform, disabled related user features, and claimed the damage was isolated, with V2 and other components unaffected.
- The stolen assets include over $10 million in frax dollar, $9.6 million in wBTC bridged to Ethereum using Circle's CCTP, and $5 million in DAI stablecoin, with the native GMX token dropping over 35%.
- GMX responded to the hack by offering ethical hackers a reward amounting to 10% of the recovered funds if 90% of the stolen assets were returned, and issued an on-chain assurance that no legal actions would be taken against the attacker, as industry-wide losses surpassed $2.5 billion.
38 Articles
38 Articles
GMX Loses $40 Million in V1 Exploit, Halts Trading and Minting
Decentralized perpetual exchange GMX halted trading and token minting on its GMX V1 platform after suffering a major exploit that resulted in the theft of approximately $40 million from its GLP liquidity pool. The attack targeted the GLP pool on Arbitrum and Avalanche, draining a mix of digital assets including bitcoin, ether, stablecoins, and other tokens into an unknown wallet. This story is an excerpt from the Unchained Daily newsletter. To…
GMX Exploiter Returns $40M, Accepts $5M White-Hat Bounty
In a notable turn of events, the crypto community witnessed a rare positive outcome following an exploit. The individual behind the GMX V1 exploit has returned over $40 million worth of stolen assets and accepted the platform’s white-hat bounty. This development underscores the importance of bug bounties and responsible disclosure in the blockchain ecosystem. The exploit… Source
The hacker took away about $40 million taking advantage of a vulnerability, but the GMX team managed to agree with the responsible to return the funds in exchange for a reward. *** The attacker who stole more than $40 million from GMX has begun to return the funds. He accepted in exchange to receive a reward for $5 million offered by the protocol. Transfers include ETH, FRAX and other assets stolen during the exploit. The incident is considered …
Coverage Details
Bias Distribution
- 100% of the sources are Center
Factuality
To view factuality data please Upgrade to Premium