GMX Exchange Recovers 26% of Stolen Funds After Hack Attack

GMX Exchange, a decentralized trading platform, recently encountered significant challenges due to a hack attack that resulted in the theft of $40 million from its V1 GLP pool on the Arbitrum network. The incident led to a temporary suspension of V1 transactions on both the Arbitrum and Avalanche networks, while the V2 side of the platform remained unaffected. The hacker, who initially stole the funds, accepted a $5 million bounty offered by the project and began returning the stolen assets. PeckShield, a blockchain security firm, confirmed the return of funds by tracking notifications within the blockchain. The first two refund transactions saw a return of a total of 10.5 million FRAX coins to the GMX developer wallet, marking a significant step towards recovery.

The return of funds sparked a resurgence in activity on the GMX exchange, with its service altcoin experiencing an upswing. This turnaround was driven by the community's response to the hack and the platform's proactive measures to address the security breach. The exchange's ability to bounce back strongly from this challenge highlights its resilience and the trust that users have in its operations. The incident also underscores the importance of robust security measures in the decentralized finance (DeFi) space, where the risk of hack attacks is ever-present.

The GMX exchange's response to the hack attack demonstrates its commitment to transparency and user protection. By offering a bounty for the return of stolen funds and suspending affected transactions, the platform took swift action to mitigate the impact of the breach. The successful return of funds and the subsequent resurgence in activity indicate that the exchange is well-positioned to continue providing reliable and secure trading services to its users. The incident serves as a reminder of the challenges faced by DeFi platforms and the need for continuous improvement in security protocols to safeguard user assets.

According to a preliminary investigation by the GMX team, the attacker exploited a re-entrancy vulnerability in the OrderBook contract. By manipulating the average price of a Bitcoin short position, they inflated the price of the GLP liquidity coin. This allowed them to withdraw with a profit, collecting USDC, FRAX, WBTC, and WETH coins, ultimately amassing over $40 million in cryptocurrencies. During the incident, trading on GMX V1 and GLP coin minting was halted, with similar actions taken on the Avalanche side as a precaution.

In response to the attack, the project released a message within the blockchain offering the attacker a 10% bounty, amounting to $5 million, promising not to pursue legal action if the remaining funds were returned within 48 hours. The attacker responded the next day, stating, “Okay, the money will be returned later.” This marked the first official signal that the refund process would commence. Simultaneously, the GMX team coordinated with partner exchanges and analysis firms to monitor the flow of funds and verify movements.

On Friday morning, the two FRAX transactions totaling $10.5 million exemplified the seriousness of the bounty agreement. GMX announced that GLP minting and burning transactions on Arbitrum would remain closed until the remaining assets were returned, with existing liquidity allocated for compensating affected users. During this period, users can close their open positions. GMX V1 forks utilizing a similar structure were advised to take additional precautions.

The market reacted swiftly. The exchange’s service coin GMX hit a low of $10.45 post-attack, but strong buying followed the refund news, causing the altcoin’s price to increase by 17% within minutes. Since its launch on Arbitrum One in 2021, the project has hosted a total trading volume of $306 billion and an open position of $265 million. The platform’s effort to preserve its reputation renewed investor confidence and reignited security discussions within the decentralized exchange ecosystem.