GMX Loses $42 Million in Crypto Assets After Security Breach

Generated by AI AgentCoin World
Thursday, Jul 10, 2025 12:25 am ET1min read
BTC
--

On July 9, 2025, the decentralized derivatives exchange GMX experienced a significant security breach, resulting in the loss of approximately $42 million in crypto assets. The exploit targeted the platform’s GLP liquidity pool on the Arbitrum network, draining multiple assets including USDC, ETH, and DAI through a malicious smart contract. The stolen funds were subsequently moved across various chains, with the attacker bridging approximately $9.6 million to Ethereum shortly after the initial exploit.

The hacker's transactions involved complex swaps and movements designed to obscure the flow of funds. Initially, the attacker drained liquidity from the pool in USDC stablecoins, which were then swapped into ETH. A portion of the ETH was converted into the DAI stablecoin, while significant amounts of FRAX, wrapped

bitcoin
(WBTC), wrapped ether (WETH), and other tokens were also extracted. These transactions were executed across multiple chains, adding layers of complexity to the tracking process.

In response to the attack, the GMX team took immediate action to address the breach and recover the stolen assets. They sent an on-chain message directly to the attacker’s wallet address, acknowledging the exploit and proposing a 10% white-hat bounty. This bounty, equivalent to about $4.2 million, was offered in exchange for the return of the remaining 90% of the stolen assets. The message also stated that if the attacker complies within 48 hours, GMX would not pursue any legal action against them.

The GMX team's proactive approach aims to recover the stolen funds and enhance the platform's security measures. The offer of a white-hat bounty is a strategic move to incentivize the return of the assets without escalating the situation legally. This approach is not uncommon in the cryptocurrency community, where such bounties are often used to encourage ethical hacking and the return of stolen funds.

The broader DeFi community is now awaiting a full post-mortem analysis from the GMX team, which will provide insights into the vulnerabilities that were exploited and the steps being taken to prevent similar incidents in the future. Users and stakeholders are closely monitoring the situation, hoping for a resolution that minimizes the impact of the breach and restores confidence in the platform's security.

The incident highlights the ongoing challenges faced by decentralized exchanges in maintaining robust security measures. Despite the presence of audited contracts, the exploit on GMX's GLP pool underscores the need for continuous vigilance and improvement in security protocols. The community's response and the GMX team's actions will be crucial in determining the long-term impact of this breach on the platform and the broader DeFi ecosystem.