Happy Ending: Crypto Hacker Returns Funds From $42 Million GMX Exploit
In a positive development for the crypto community, the individual responsible for the GMX exploit accepted the platform’s bounty and returned over $40 million worth of assets stolen from the project. Crypto Hacker Takes...
Archive context
Older archive item. Useful for background and entity history, but not a fresh market-moving signal.
In a positive development for the crypto community, the individual responsible for the GMX exploit accepted the platform’s bounty and returned over $40 million worth of assets stolen from the project.
Crypto Hacker Takes $42 Million From GMXOn Friday, the recent GMX V1 exploit ended on a happy note after the individual responsible for the incident turned into a white-hat hacker. Perpetual and spot crypto exchange GMX lost over $40 million on Wednesday when an attacker exploited a vulnerability in the protocol’s first version on Arbitrum.
According to online reports, GMX V1’s vault contract had a vulnerability that allowed the attacker to manipulate the GLP token price through the system’s calculations.
Blockchain security firm SlowMist explained that “The root cause of this attack stems from GMX v1’s design flaw, where short position operations immediately update the global short average prices (globalShortAveragePrices), which directly impacts the calculation of Assets Under Management (AUM), thereby allowing manipulation of GLP token pricing.”
Through a reentrancy attack, they successfully established massive short positions to manipulate the global average prices, artificially inflating GLP prices within a single transaction and profiting through redemption operations.
As a result, approximately $42 million worth of assets, including Legacy Frax Dollar (FRAX), wrapped bitcoin (WBTC), wrapped ETH (WETH), and other tokens, were transferred from the GLP pool to an unknown wallet.
The perpetual crypto exchange halted GMX V1’s trading and GLP’s minting and redeeming on both Arbitrum and Avalanche to prevent another attack and protect users’ funds. However, they clarified that the exploit was limited to GMX’s V1 and its GLP pool. GMX V2, its markets, or liquidity pools, and the GMX token were not affected and remained safe.
White-Hat Claims $5 Million BountyFollowing the incident, GMX sent a message on-chain and on X offering a $5 million white-hat bounty to the attacker, claiming that their abilities were “evident to anyone looking into the exploit transactions.”
GMX’s team noted that returning the funds within the next 48 hours and accepting the bounty would allow the hacker to “spend the funds freely,” instead of taking additional risks to access them. They also vowed not to pursue any legal action and to assist the exploiter in providing proof of source for the funds if it is ever required.
Today, the exploiter responded in an on-chain message, accepting the bounty and starting the return process. As Lookonchain reported, they initially returned $10.49 million worth of FRAX on Friday morning.
Meanwhile, another $32 million worth of assets had been swapped into 11,700 ETH, which are now valued at $35 million after the King of Altcoins’ price jumped to the $2,990 mark.
In the following hours, the hacker returned 10,000 ETH, worth $30 million, keeping only 1,700 ETH, valued at $5.2 million, as the bounty.
GMX later confirmed that the funds have now been safely returned and thanked the white-hat hacker for their actions, ultimately giving a positive turn to the incident.
Lastly, they informed users that “contributors are working on a proposed distribution plan for presentation to the GMX DAO and will share more information shortly.”
Why this matters
This security story adds another data point to the current market tape and is useful when read alongside nearby source coverage.
Original source
Read on NewsBTCRelated market context
SecondFi is shutting down after Cardano wallet exploit
Cardano wallet firm SecondFi says it will not resume “normal operations” and will instead focus solely on “returning assets to aff...
New SummerFi DeFi exploit shows AI automation now sits above smart contract risk
Summer.fi's automated vault incident has put delegated DeFi yield back under pressure after Blockaid said on July 6 that its explo...
Ctrl Wallet to shut down after June security exploit, users urged to withdraw assets by August 3
The shutdown highlights the critical need for robust security measures in digital wallets, emphasizing user vigilance against pote...
DeFi platform Summer Finance loses $6M in vault exploit
DeFi platform Summer Finance, which offers “institutional DeFi Vault infrastructure for everyone” has been hacked for approximatel...
Bitcoin and Ether ETFs Attract $286 Million as Blackrock Funds Spark Broad Recovery
Crypto ETF flows opened the new week on a stronger footing, with bitcoin ETFs adding $265.69 million and ether ETFs bringing in $2...
67 Million Americans Hold Crypto as Ripple Executive Pushes for CLARITY Act Rules
Key Takeaways: A new report by the National Cryptocurrency Association shows that one in four American adults now owns crypto. 67%...