GMX Loses $42 Million in Cryptocurrency Exploit

GMX, a decentralized perpetuals exchange, recently fell victim to a significant exploit, resulting in the loss of over $42 million in cryptocurrency. The attack, which occurred on Wednesday, saw attackers siphon funds from GMX Vault-related contracts and transfer them to a single wallet address. The stolen assets, which included over $10 million in legacy Frax Dollar (FRAX), $9.6 million in wrapped BitcoinBTC-- (wBTC), and $5 million in DAI stablecoin, were subsequently bridged from Arbitrum, a Layer 2 EthereumETH-- scaling network, back to the Ethereum mainnet. This tactic is commonly employed by attackers to obscure and launder stolen assets.

The nature of the exploit is still under investigation, but on-chain data suggests it was likely a targeted exploit or smart contract vulnerability rather than a user error or regular withdrawal. The GMX team has responded on-chain, offering a 10% white-hat bounty for the return of the exploited funds. This move is often used as a last resort, appealing to the hacker's conscience by offering a portion of the stolen funds in exchange for their safe return and details of the vulnerability.

The incident adds to a challenging year for crypto security, with investors already losing $2.5 billion to hacks and scams in 2025. Earlier in March, Abracadabra.Finance lost $13 million in a targeted attack after a vulnerability in its GMX-linked lending pools was exploited using a flash loan. Blockchain sleuths traced the theft to 6,262 ETH drained from the protocol. The attacker targeted cauldrons using GM tokens, which represent liquidity positions on GMX, a decentralized exchange. GMX clarified that it wasn’t directly affected, noting that the exploit came from how Abracadabra had integrated GMX’s V2 pools into its own lending structure.

Crypto researcher Weilin Li broke down the method: the attacker used a flash loan to set up and then liquidate their own position. The trick was pulling this off inside a single block, pocketing the protocol’s liquidation rewards in the process. The design of GMX’s V2, where “keepers” fulfill trades in two steps, may have opened a narrow window that the exploiter used to their advantage.

This incident marks one of the larger DeFi-related exploits of the year and comes amid ongoing concerns about the security of cross-chain protocols and smart contract platforms. The GMX team is working diligently to address the issue and recover the stolen assets. The community's response and the ongoing investigation will be crucial in determining the outcome of this exploit and the future security measures implemented by GMX.