GMX Hacker Returns 90% of Stolen Funds, Token Jumps 16%

The cyber attacker who looted millions from GMX’s V1 GLP pool earlier this week has returned a significant portion of the stolen funds. According to on-chain movements flagged by PeckShield Alert, the GMX hacker has returned a total of $37.5 million worth of the stolen assets to the protocol. These transfers, made in several batches of ETH and FRAX around 8:00 AM UTC, represent nearly 90% of the $42 million that was drained just two days prior in the original exploit.

The refund follows GMX’s public offer of a 10% bounty for the safe return of funds, with a 48-hour deadline and a promise not to pursue legal action. The hacker responded via an on-chain message, stating, “Ok, funds will be returned later,” before proceeding with the fund transfers. The native token GMX (GMX) experienced a 16% jump in value following this development, modestly recovering from the 28% drop it suffered immediately after the exploit. While GMX has not yet publicly acknowledged receipt of the returned funds, the protocol expressed gratitude on-chain, stating, “Thank you, we greatly appreciate this.”

It remains uncertain whether the attacker intends to return the remaining funds from the exploit, estimated to be around $4.5 million. The GMX hack is one of the largest industry exploits so far this year. Other notable victims include Bybit, which suffered a $1.4 billion hack executed by the infamous North Korean hacker group Lazarus, and Cetus Protocol, which was drained for $223 million. Like GMX, Bybit also offered a 10% bounty to recover the funds but has yet to reclaim any of the stolen assets.