GMX Loses $42 Million in Hack, Token Drops 28%

On July 9, 2025, the decentralized exchange (DEX) GMX experienced a significant security breach, resulting in the loss of approximately $42 million in digital assets. The hacker exploited a vulnerability in the GLP V1 pool of the GMX protocol on the Arbitrum blockchain, siphoning off various cryptocurrencies including USDC, FRAX, WBTC, and WETH. The compromised wallet also held various digital assets, including wBTC, ETH, wETH, UNI, and LINK. Assets in the hacker's wallet were tracked and reported by DeBank.

In response to the attack, the GMX team swiftly suspended trading and V1 minting on both Arbitrum and Avalanche to safeguard the platform and its users. The GMX team promptly offered the attacker a $5 million white-hat bounty, equivalent to 10% of the stolen amount, in exchange for the return of the remaining funds within 48 hours. This offer was communicated via a message on the blockchain, with the assurance that the attacker would not face prosecution if they complied. The hacker responded positively, stating, “Ok, funds will be returned later,” as reported by a blockchain security company. Shortly thereafter, the attacker began returning the stolen funds, with transactions totaling 5.5 million FRAX ($5.5 million) and another 5 million FRAX ($5 million) being transferred back to GMX.

The market reacted swiftly to the news of the hack, with the GMX token experiencing a 28% drop to a low of $10.45. However, as the hacker agreed to return the funds, the token began to recover, rising approximately 14% on July 11. By the end of the day, the GMX token was trading at $13.15. The GMX team quickly suspended trading, coordinated with partners to track the funds, and confirmed that GMX V2 was unaffected by the attack.

Looking ahead, GMX plans to disable minting and GLP redemption on Arbitrum to prevent similar incidents. The remaining funds will be allocated for redress, and affected users will be able to close out their positions. The team has also issued guidance for GMX V1 forks to mitigate similar risks and plans to hold discussions at the DAO on additional remediation measures. GMX V2 operations remain unaffected.

This incident underscores the importance of ongoing auditing of smart contracts and the team’s willingness to engage in constructive dialogue with hackers. GMX’s quick response and the offer of a reward helped minimize the damage to the project’s ecosystem. The platform, which allows users to trade Bitcoin, Ethereum, AVAX, and other cryptocurrencies with up to 100x leverage, has accumulated significant trading volume and user base since its launch in 2021.

This incident underscores the importance of rapid detection and transparent communication in the DeFi sector. GMX’s immediate response—disabling affected services and clarifying the scope of the vulnerability—helped contain the fallout and reassure users. The episode also highlights the ongoing challenges of securing cross-chain assets and the need for robust risk management in decentralized protocols.

As the DeFi ecosystem matures, such events serve as critical reminders for both users and developers to prioritize security, monitor on-chain activity, and maintain open channels of communication during crises. The hacker's decision to return the stolen funds, totaling $40 million, demonstrates a rare instance of cooperation between a hacker and a DeFi platform, highlighting the potential for constructive resolution in the face of security breaches.