GMX Offers 10% Bounty After $42 Million Hack

On July 9, 2025, the decentralized exchange GMX experienced a significant security breach, resulting in the loss of approximately $42 million. The attacker exploited a vulnerability in the platform's GLP liquidity pool, draining multiple crypto assets through a malicious smart contract deployed by an address funded through Tornado Cash, an Ethereum-based privacy tool. The targeted assets included ETH, USDC, fsGLP, DAI, UNI, FRAX, USDT, WETH, and LINK. Blockchain data indicates that about $9.6 million has already been transferred to Ethereum’s mainnet, while the remaining funds are still on the Arbitrum network. On-chain analysts suggest that the attacker minted GLP tokens and redeemed them for high-value digital assets, which were later converted to ETH.

The hacker moved funds in several stages. First, they drained liquidity from the pool in USDC stablecoins. They then swapped the USDC into ETH before converting a portion of that to the DAI stablecoin. They also extracted significant amounts of FRAX, wrapped bitcoin (WBTC), wrapped ether (WETH), and multiple other tokens. These transactions were executed across various chains and included complex swaps designed to mask the movement of the funds.

In response to the attack, the GMX team used an on-chain transaction to send a message directly to the attacker’s wallet address. The message acknowledged the GMX V1 exploit and proposed a 10% white-hat bounty with no legal action attached. The GMX team offered the hacker a bounty equivalent to about $4.2 million in exchange for the return of the remaining 90% of the stolen assets. The message stated that if the attacker complies within 48 hours, GMX will not pursue any legal action against them. Blockchain data from Arkham Intelligence shows that the wallet associated with the exploit currently holds nearly $44 million. No funds have been returned at the time of writing.

GMX, which launched in 2021 and operates primarily on the Arbitrum network, supports leveraged trading for assets like BTC, ETH, and AVAX. Following the exploit, users and the broader DeFi community are now awaiting a full post-mortem analysis from the team and are closely watching for any further on-chain movements by the exploiter. The incident has raised concerns about the security measures in place for decentralized exchanges and the response times of stablecoin issuers.

This approach of offering a white-hat bounty is a common damage control tactic used by DeFi protocols facing major exploits. The platform’s token experienced a significant drop following the attack, highlighting the impact of such security breaches on the market. The incident underscores the need for robust security measures and swift response mechanisms in the decentralized finance ecosystem. The GMX team's proactive approach in offering a bounty and avoiding legal action demonstrates their commitment to resolving the issue and restoring trust in the platform.