On July 9, the decentralized trading platform GMX suffered a significant exploit, resulting in the loss of $42 million in assorted cryptocurrencies.
Now, on-chain data shows that the hacker has converted much of the stolen funds into 11,700 ETH.
The GMX Hack
The Wednesday incident saw the attacker steal over $10 million worth of legacy Frax Dollar (FRAX), $9.6 million in wrapped Bitcoin (wBTC), and about $5 million in DAI stablecoin.
Following the breach, $9.6 million of the funds were bridged to the Ethereum blockchain and exchanged into DAI and ETH, with an additional $32 million remaining on Arbitrum.
GMX confirmed the theft in a post on X:
“The GLP pool of GMX V1 on Arbitrum has experienced an exploit. Roughly $40M in tokens has been transferred from the GLP pool to an unknown wallet.”
However, according to blockchain analytics platform Lookonchain, the bad actor has now exchanged all of the stolen assets, except FRAX, into 11,700 ETH, which they then sent to four new wallets.
The protocol had earlier clarified that GMX V2, its markets, liquidity pools, and the GMX token were not affected. It also announced a temporary pause on GLP token minting and redemption on both Arbitrum and Avalanche to prevent further impact and secure funds. Its users were later told to disable leverage and update their settings to block further GLP minting.
Additionally, GMX sent an on-chain message to the hacker, offering a white-hat bounty worth $4.2 million. The proposal also promised there would be no legal consequences if the offender returned the remaining 90% within 48 hours. So far, they haven’t responded.
A Re-Entrancy Exploit
A full postmortem report has not yet been released. However, blockchain security firm SlowMist has attributed the breach to a design flaw in GMX V1. The vulnerability enabled the exploiter to manipulate the GLP token price by interfering with the system’s calculation of total assets under management.
SlowMist explained that the attacker used a function that enables leverage during order execution and carried out a re-entrancy attack. Such attacks allow repeated calls within one function, causing a smart contract to calculate the wrong balance.
By opening large short positions in a single transaction, the attacker was able to manipulate the global price data. This action artificially inflated the GLP token price, which the attacker then profited from through redemption.
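The failure class described above, where a price derived from assets under management is read while an outer call has only half-updated the accounting, can be shown with a small model. This is an added example, not GMX's code or SlowMist's analysis; the `Pool` class, its fields and all numbers are constructed, and a shared lock stands in for a re-entrancy guard.

```python
class ReentrancyError(Exception):
    """Raised when a guarded entry point is called while another is running."""

class Pool:
    """Constructed toy pool: share price = assets under management / shares."""
    def __init__(self, guarded):
        self.guarded = guarded   # True = all entry points share one lock
        self.locked = False
        self.cash = 1000.0       # settled assets
        self.pending = 0.0       # value booked to AUM before settlement
        self.shares = 1000.0

    def share_price(self):
        return (self.cash + self.pending) / self.shares

    def _enter(self):
        if self.guarded and self.locked:
            raise ReentrancyError("re-entrant call rejected")
        self.locked = True

    def redeem(self, n):
        self._enter()
        try:
            payout = n * self.share_price()   # price read from current AUM
            self.shares -= n
            self.cash -= payout
            return payout
        finally:
            self.locked = False

    def execute_order(self, amount, callback):
        self._enter()
        snapshot = (self.cash, self.pending, self.shares)
        try:
            self.pending += amount   # step 1: AUM changes first
            callback(self)           # external call while state is half-updated
            self.pending -= amount   # step 2: settlement restores AUM
        except ReentrancyError:
            self.cash, self.pending, self.shares = snapshot  # model a revert
            raise
        finally:
            self.locked = False

def run(guarded):
    """Execute one order whose callback redeems 100 shares mid-update."""
    pool, paid = Pool(guarded), []
    try:
        pool.execute_order(500, lambda p: paid.append(p.redeem(100)))
    except ReentrancyError:
        pass
    return paid, pool.cash, pool.shares, pool.share_price()
```

Without the guard, the nested redemption is priced at 1.5 instead of 1.0 and the remaining holders' share price drops below 1.0; with the guard, the whole order reverts and the pool is unchanged.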
Hacks and cybersecurity attacks remain a major problem in the crypto industry. A recent CertiK report revealed that over $801.3 million was lost across 144 incidents in Q2 2025. Phishing was the most damaging, with $395 million stolen in 52 exploits. Code vulnerabilities followed closely, causing $235.8 million in losses across 47 cases.
