GMX Exploiter Returns $40 Million After $5 Million Bounty Offer

In a surprising turn of events, the individual responsible for the recent GMX exploit has returned over $40 million worth of assets to the platform. This development marks a positive outcome for the crypto community, as the perpetrator accepted the platform’s bounty and returned the stolen funds.

On Friday, the GMX V1 exploit concluded with a positive note after the attacker, who initially exploited a vulnerability in the protocol’s first version on Arbitrum, decided to return the funds. The exploit, which occurred on Wednesday, resulted in a loss of over $40 million for the perpetual and spot crypto exchange GMX. The vulnerability in GMX V1’s vault contract allowed the attacker to manipulate the GLPGLP-- token price through the system’s calculations.

Blockchain security firm SlowMist explained that the root cause of the attack was a design flaw in GMX v1. This flaw allowed short position operations to immediately update the global short average prices, which directly impacted the calculation of Assets Under Management (AUM). As a result, the attacker could manipulate the GLP token pricing. Through a reentrancy attack, the attacker established massive short positions to manipulate the global average prices, artificially inflating GLP prices within a single transaction and profiting through redemption operations.

Approximately $42 million worth of assets, including Legacy Frax Dollar (FRAX), wrapped bitcoinBTC-- (WBTC), wrapped ETH (WETH), and other tokens, were transferred from the GLP pool to an unknown wallet. In response, GMX halted GMX V1’s trading and GLP’s minting and redeeming on both Arbitrum and Avalanche to prevent another attack and protect users’ funds. However, they clarified that the exploit was limited to GMX’s V1 and its GLP pool, with GMX V2, its markets, or liquidity pools, and the GMX token remaining unaffected and safe.

Following the incident, GMX offered a $5 million white-hat bounty to the attacker, acknowledging their abilities and encouraging them to return the funds within the next 48 hours. GMX’s team assured the attacker that returning the funds would allow them to spend the funds freely, without the risk of legal action or further complications. They also vowed to assist the exploiter in providing proof of source for the funds if it is ever required.

The exploiter responded by accepting the bounty and initiating the return process. Initially, they returned $10.49 million worth of FRAX. Another $32 million worth of assets had been swapped into 11,700 ETH, which are now valued at $35 million after the price of ETH jumped to the $2,990 mark. In the following hours, the hacker returned 10,000 ETH, worth $30 million, keeping only 1,700 ETH, valued at $5.2 million, as the bounty.

GMX later confirmed that the funds have now been safely returned and thanked the white-hat hacker for their actions, ultimately giving a positive turn to the incident. They informed users that contributors are working on a proposed distribution plan for presentation to the GMX DAO and will share more information shortly.