GMX Loses $42 Million in Security Breach, Offers 10% Bounty for Return of Funds

Generated by AI AgentCoin World
Wednesday, Jul 9, 2025 4:02 pm ET1min read
ETH
--

GMX, a prominent decentralized derivatives exchange operating on the Arbitrum network, recently fell victim to a significant security breach, resulting in the loss of approximately $42 million from its GLP liquidity pool. The exploit involved the draining of multiple crypto assets, including USDC, ETH, and DAI, through a malicious smart contract. The stolen funds were subsequently bridged from Arbitrum to

Ethereum
, with a portion already swapped for DAI, potentially in preparation to mix and conceal the assets.

In response to the exploit, GMX has taken immediate action to mitigate the damage. The exchange has offered a 10% bounty for the return of the stolen funds, extending an olive branch to the hacker in hopes of recovering the assets. GMX has also halted GLP token trading and frozen the minting and redeeming of GLP on both Arbitrum and Ethereum to prevent further exploitation. All trading on GMX V1 has been stopped, while trading on V2 continues as no similar vulnerabilities have been discovered.

The hacker's actions suggest a re-entrancy attack, where an abnormal amount of GLP tokens was minted. The funds were sent to a single wallet, with over $32 million in Arbitrum-based assets and another $9 million on Ethereum after bridging. The Ethereum-based funds are at a higher risk of being swapped and mixed due to the higher available liquidity. The exploit shows similarities with previous protocol hacks, suggesting the participation of sophisticated hackers.

GMX has reiterated that there is no danger to the GMX token, and trading on V2 will continue as usual. The exchange team is working diligently to address the security breach and recover the stolen assets. The incident highlights the ongoing challenges in decentralized finance (DeFi) security and the need for robust measures to protect against such exploits.

The breach has had a significant impact on decentralization security, highlighting vulnerabilities and causing immediate market reactions across connected networks. The exploit's magnitude has impacted market sentiment significantly, and currency conversions and asset movements used cross-chain swaps via Tornado Cash, a common method for concealing transactions. Financial outcomes include potential asset recovery through bounty compromise.

Insights suggest possible regulatory scrutiny could follow. Technological defenses in decentralized platforms are under review, posing critical challenges and urging stakeholders to bolster existing defenses. The incident serves as a reminder of the importance of security in the DeFi space and the need for continuous vigilance and improvement in protecting user assets.