GMX Suffers $42 Million Hack, Token Drops 20%

GMX, a decentralized derivatives exchange, suffered a significant security breach on Wednesday, resulting in the theft of approximately $42 million in cryptocurrency. The attack specifically targeted GMX Vault-related contracts, with the stolen funds being transferred to a single wallet address. The stolen assets, valued at around $32 million in Arbitrum and $9.5 million in Ethereum, were moved to the attacker’s wallet. The specifics of how the theft was executed have not been disclosed, but it is known that the attacker targeted only the V1 smart contracts, which underpin the GLP pool used by liquidity providers to support perpetual and spot trading.

In response to the breach, GMX has offered a 10% white-hat bounty to the hacker if the stolen assets are returned. The attacker has only 48 hours to respond, or the team will begin exploring other options to recover the asset legally. GMX reacted immediately by suspending trading and GLP minting and redemption on both Arbitrum and Avalanche to prevent further damage. The team confirmed the issue only affected V1, and that V2 contracts, markets, and the GMX token remain secure. The core development team and top-tier security partners are now investigating the breach in detail, aiming to identify the root cause of the vulnerability and recover any lost funds. The team pledged that a comprehensive incident report will follow once analysis is complete.

The financial implications of the hack are severe, with exposed assets including ETH, WBTC, and USDC, which were part of the liquidity pools. The market's reaction underscores the ongoing risks within decentralized finance platforms. The GMX token has seen a notable decline following the hack, dropping from around $14 to approximately $11.34, reflecting a nearly 20% decline from pre-hack levels. This significant pullback suggests that investors are reacting strongly to the incident.

The hack highlights vulnerabilities in decentralized finance, prompting immediate security reviews. GMX has paused trading and liquidity operations, impacting user confidence and the protocol's market value. The PeckShield warns about specific vulnerabilities in smart contracts; GMX's security measures come under scrutiny as the exploit refers back to legacy vulnerabilities from previous breaches. Historical trends show consistent threats to decentralized finance, necessitating thorough security revamps.

This recent hack is not the first security incident GMX has faced. In September 2022, an exploiter took advantage of GMX’s zero-slippage mechanism in the AVAX/USD market, netting approximately $565,000. In March 2025, a sophisticated flash-loan attack targeted Abracadabra.Money, exploiting vulnerabilities in its cauldrons that used GMX V2 liquidity tokens as collateral. The attacker stole approximately 6,260 ETH ($13 million) by exploiting a vulnerability in liquidation logic within a single transaction. Meanwhile, GMX’s recent hack follows ResupplyFi’s $9.6 million exploit of last month, where an attacker manipulated the price of its synthetic token, cvcrvUSD, to trigger a zero-exchange-rate bug in the wstUSR vault. The attacker was able to breach the collateral system and borrowed nearly $10 million in reUSD against almost no collateral.

The incident highlights the ongoing security challenges faced by decentralized finance (DeFi) platforms. As DeFi continues to grow in popularity, the need for robust security measures becomes increasingly critical. The GMX hack serves as a reminder that even established platforms are not immune to security breaches, and that continuous vigilance and improvement in security protocols are essential to protect users' assets.