Hacker Returns $10.5 Million to GMX After $42 Million Exploit
The hacker responsible for draining approximately $42 million worth of assets from the GMX decentralized exchange (DEX) has agreed to return the stolen funds in exchange for a 10% bounty. The exploit targeted GMX’s V1 pool on Arbitrum, leading to significant disruptions in the platform's operations. The hacker has since returned $10.49 million in FRAX and holds the rest in ETH, which has increased in value due to the surge in ETH prices, raising questions about potential profit.
GMX's swift response to the incident involved offering a white-hat bug bounty, which the hacker accepted. The hacker has returned $10.49 million in FRAX, with the remaining stolen tokens swapped into 11,700 ETH, now valued at approximately $35 million. This move has resulted in a net gain of $3 million for the hacker, who initially received around $5 million as part of the bounty agreement.
GMX had to halt trading and GLP minting on Arbitrum and Avalanche following what was described as a re-entrancy attack. The attacker manipulated the OrderBook contract and inflated GLP prices, allowing for the withdrawal of large funds. The protocol publicly offered the 10% bounty through an on-chain message, assuring the hacker that no legal action would be taken if the funds were returned within 48 hours. This prompt action was praised for limiting potential losses, and so far, the protocol has received a total of $10.5 million via FRAX transfers.
The remaining ETH is now being held across multiple wallets after conversion. PeckShield has tracked these movements and flagged around 9,000 ETH in returns, with the rest split for storage or possible mixing. Following the hacker's message, GMX’s native token, which had fallen nearly 28% after the hack to around $10.45, spiked by over 14%. At the time of writing, the GMX token is trading at $13.29.
A full post-mortem confirmed that the hack only affected GMX V1 and not its V2 or native token. The breach prompted the suspension of V1 features, guidance for forks, and an internal review of smart contract vulnerabilities. GMX emphasized that it will route the remaining funds to reimburse affected users and hold a DAO discussion on further action. Many are now waiting to see whether the hacker will surrender all 11,700 ETH or sell some to keep the $3 million profit.
The incident highlights the ongoing challenges faced by decentralized finance (DeFi) platforms in securing their systems against sophisticated attacks. Despite the significant loss, GMX's proactive response and willingness to negotiate with the hacker demonstrate a strategic approach to crisis management. By offering a substantial bounty and ensuring no legal repercussions, GMX was able to recover a majority of the stolen funds, showcasing the effectiveness of white-hat bounty programs in resolving such incidents.
The recovery of the stolen funds is a testament to the resilience and adaptability of the DeFi ecosystem. While the initial exploit was a setback, the swift and decisive actions taken by the GMX team underscore the importance of having robust security measures and contingency plans in place. The incident serves as a reminder for other DeFi platforms to prioritize security and be prepared to handle potential breaches effectively.



