Happy Ending: Crypto Hacker Returns Funds From $42 Million GMX Exploit

In a positive development for the crypto community, the individual responsible for the GMX exploit accepted the platform’s bounty and returned over $40 million worth of assets stolen from the project.

On Friday, the recent GMX V1 exploit ended on a happy note after the individual responsible for the incident turned into a white-hat hacker. Perpetual and spot crypto exchange GMX lost over $40 million on Wednesday when an attacker exploited a vulnerability in the protocol’s first version on Arbitrum.

According to online reports, GMX V1’s vault contract had a vulnerability that allowed the attacker to manipulate the GLP token price through the system’s calculations.

Blockchain security firm SlowMist explained that “The root cause of this attack stems from GMX v1’s design flaw, where short position operations immediately update the global short average prices (globalShortAveragePrices), which directly impacts the calculation of Assets Under Management (AUM), thereby allowing manipulation of GLP token pricing.”

Through a reentrancy attack, they successfully established massive short positions to manipulate the global average prices, artificially inflating GLP prices within a single transaction and profiting through redemption operations.

As a result, approximately $42 million worth of assets, including Legacy Frax Dollar (FRAX), wrapped bitcoin (WBTC), wrapped ETH (WETH), and other tokens, were transferred from the GLP pool to an unknown wallet.

The perpetual crypto exchange halted GMX V1’s trading and GLP’s minting and redeeming on both Arbitrum and Avalanche to prevent another attack and protect users’ funds. However, they clarified that the exploit was limited to GMX’s V1 and its GLP pool. GMX V2, its markets, or liquidity pools, and the GMX token were not affected and remained safe.

Following the incident, GMX sent a message on-chain and on X offering a $5 million white-hat bounty to the attacker, claiming that their abilities were “evident to anyone looking into the exploit transactions.”

GMX’s team noted that returning the funds within the next 48 hours and accepting the bounty would allow the hacker to “spend the funds freely,” instead of taking additional risks to access them. They also vowed not to pursue any legal action and to assist the exploiter in providing proof of source for the funds if it is ever required.

Today, the exploiter responded in an on-chain message, accepting the bounty and starting the return process. As Lookonchain reported, they initially returned $10.49 million worth of FRAX on Friday morning.

Meanwhile, another $32 million worth of assets had been swapped into 11,700 ETH, which are now valued at $35 million after the King of Altcoins’ price jumped to the $2,990 mark.

In the following hours, the hacker returned 10,000 ETH, worth $30 million, keeping only 1,700 ETH, valued at $5.2 million, as the bounty.

GMX later confirmed that the funds have now been safely returned and thanked the white-hat hacker for their actions, ultimately giving a positive turn to the incident.

Lastly, they informed users that “contributors are working on a proposed distribution plan for presentation to the GMX DAO and will share more information shortly.”