GMX Returns 90% of $42 Million Stolen in Hack

The GMX decentralized exchange (DEX) recently faced a significant security breach, with a cyber attacker successfully draining approximately $42 million from the platform's V1 GLP pool. The stolen assets included a mix of cryptocurrencies, notably over $10 million in legacy Frax dollar, $9.6 million in wrapped BTC (wBTC), and $5 million in DAI stablecoin. In response to this exploit, GMX initiated a recovery effort by offering a 10% bounty for the safe return of the stolen funds, with a 48-hour deadline and a promise not to pursue legal action.

The hacker, in an unexpected turn of events, began returning the stolen assets. According to on-chain movements flagged by PeckShield Alert, the attacker transferred a total of $37.5 million worth of cryptocurrencies, including approximately 9,000 ETH and 10.5 million FRAX, back to the GMX Security Committee Multisig address. These transfers, made around 8:00 AM UTC, represented nearly 90% of the total amount stolen. The hacker's decision to return the funds followed an on-chain message stating, "Ok, funds will be returned later," which was subsequently followed through with the transfers.

GMX's public offer of a 10% bounty for the return of funds appears to have been a successful strategy. The protocol thanked the hacker on-chain, expressing gratitude for the returned assets. However, it remains unclear whether the attacker intends to return the remaining approximately $4.5 million from the exploit. The GMX hack ranks among the largest industry exploits so far this year, highlighting the ongoing challenges faced by decentralized finance (DeFi) platforms in securing their assets.

The incident underscores the harsh reality of DeFi, where recovery efforts often rely on negotiating with attackers. Other high-profile victims this year include Bybit, which suffered a $1.4 billion hack executed by the infamous North Korean hacker group Lazarus, and Cetus Protocol, which was drained for $223 million. Like GMX, Bybit also offered a 10% bounty to recover the funds but has yet to reclaim any of the stolen assets. This comparison illustrates the varying degrees of success in negotiating with hackers and the importance of effective recovery strategies in the DeFi space.