GMX Returns 95% of Stolen Funds After Re-entrancy Attack

Generated by AI Agent Coin World
Friday, Jul 11, 2025 8:47 pm ET

The GMX team sold 10,000 ETH approximately 7 hours ago, with the primary motive speculated to be refunding users. This action follows a significant exploit of the GMX protocol, in which an attacker stole $42 million worth of assets, including stablecoins and wrapped versions of

and . The exploit was identified as a re-entrancy attack, a common vulnerability in decentralized finance (DeFi) protocols in which an attacker calls back into a smart contract repeatedly before an earlier call has finished updating its state, draining funds in the process.

The GMX team responded swiftly to the exploit by offering the attacker a 10% white hat bounty if the stolen funds were returned within 48 hours. This offer was communicated through an onchain message, and the attacker responded positively, indicating a willingness to return the funds. The attacker began returning the assets at 9:08 am, starting with $10.4 million worth of stablecoins and later transferring 10,000 ETH and other assets totaling $40.5 million. The return of funds was completed over several hours, with the attacker still holding 1,700 ETH worth approximately $5.1 million.

The GMX team's proactive approach in engaging with the attacker and offering a bounty is a strategic move to mitigate the damage caused by the exploit. By offering a financial incentive, the team aimed to encourage the attacker to return the stolen funds, which would help in restoring user confidence and minimizing the financial impact on the protocol. The return of funds is a positive development for GMX, as it demonstrates the team's commitment to resolving the issue and protecting user assets.

The re-entrancy attack on GMX highlights the ongoing challenges faced by DeFi protocols in securing their smart contracts. Despite the identification of re-entrancy vulnerabilities as far back as 2016, they continue to be exploited, underscoring the need for robust security measures and continuous monitoring. The GMX team has urged all forks of their V1 protocol to take necessary steps to prevent similar exploits, emphasizing the importance of proactive security measures in the DeFi ecosystem.

The return of funds by the attacker is an uncommon but not unprecedented occurrence in the DeFi space. In 2023, an exploiter returned $176 million worth of stolen crypto after the Euler Finance hack, demonstrating that attackers can sometimes be incentivized to return stolen assets. However, many exploits do not have such positive outcomes, with attackers often keeping the stolen funds or using them for malicious purposes. The GMX team's response to the exploit serves as a reminder of the importance of swift and strategic action in mitigating the impact of security breaches in the DeFi ecosystem.