
GMX Hacker Returns Funds From Exploit, Accepts $5M White-Hat Bounty

  • GMX lost $42M after an attacker exploited a re-entrancy flaw in its V1 contracts.
  • The attacker agreed to return funds after securing a $5M white-hat bounty offer.
  • Attacker still holds $35 million in Ethereum after returning partial funds to GMX.

On July 9, decentralized exchange GMX suffered a major exploit, losing over $42 million in digital assets. The attacker bypassed internal safeguards, transferring funds to wallet 0xdf….a5221. The assets were then bridged from Arbitrum to Ethereum. This cross-chain transfer method is widely used to hide stolen funds and makes asset tracing and recovery more difficult.

Blockchain analytics firm Lookonchain confirmed that the attacker later agreed to a white-hat deal. Under this informal agreement, the attacker would return the funds in exchange for a $5 million bounty. White-hat deals are a recurring outcome in DeFi when an attacker agrees to cooperate after an exploit.

GMX Hacker Yet to Return $35M in ETH After Bounty Deal

The attacker returned $10.49 million in FRAX stablecoins. The attacker exchanged the remaining $32 million for 11,700 ETH. Due to Ethereum’s rising price, the value of that ETH has grown to $35 million. This means the attacker now holds a $3 million gain, beyond the original stolen amount.

This situation has triggered debate across the DeFi community. Some users argue that the attacker should return the entire 11,700 ETH. Others believe the original amount of $32 million is enough. The attacker has not made any public statement. GMX has not confirmed whether a written agreement exists.

GMX later confirmed the root cause of the breach. The attacker exploited a re-entrancy bug in GMX's V1 contracts. The contracts did include a non-reentrant check, but that check only guarded calls within a single contract. The attacker bypassed it by routing the exploit through separate contracts in the system.

GMX Responds to Flash Loan Exploit with V1 Shutdown

The attacker used a flash loan to open a large position, then altered the average short price of BTC. This manipulation inflated the value of the GLP token. The attacker then redeemed the inflated tokens for a profit. The exploit relied on how GMX V1 calculated prices across multiple contracts.

In GMX V2, these calculations are done within a single contract. This design removes the risk of such exploits. After the attack, GMX took several emergency steps. It paused trading on Avalanche and disabled GLP minting and redemption on Arbitrum. 
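An added illustration of the gap described above (hypothetical contracts, not GMX's code; the names `SystemLock`, `Vault` and `Reader` are assumptions): a reentrancy guard scoped to one contract does nothing for a sibling contract that reads the first one's in-flight state. Where the logic cannot be consolidated into a single contract as V2 does, one defensive option is a lock shared across the whole system, with read paths that refuse to serve while it is held.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Hypothetical contracts, not GMX's code. A per-contract `nonReentrant`
// modifier only locks the contract it lives in; a second contract that reads
// the first one's in-flight state is not stopped. One lock shared by every
// contract in the system, plus read paths that honour it, closes that gap.
contract SystemLock {
    address public immutable admin;
    mapping(address => bool) public authorized; // contracts allowed to take the lock
    uint256 private _status = 1;                 // 1 = free, 2 = held
    constructor() { admin = msg.sender; }
    function setAuthorized(address c, bool ok) external {
        require(msg.sender == admin, "NOT_ADMIN");
        authorized[c] = ok;
    }
    function enter() external {
        require(authorized[msg.sender], "NOT_AUTHORIZED");
        require(_status == 1, "SYSTEM_REENTRANCY");
        _status = 2;
    }
    function exit() external {
        require(authorized[msg.sender], "NOT_AUTHORIZED");
        _status = 1;
    }
    function held() external view returns (bool) { return _status == 2; }
}
abstract contract SystemGuarded {
    SystemLock internal immutable lock;
    constructor(SystemLock l) { lock = l; }
    // State-changing entry points hold the system-wide lock for their whole duration.
    modifier systemNonReentrant() { lock.enter(); _; lock.exit(); }
    // Read paths refuse to serve while any contract in the system is mid-operation.
    modifier notInFlight() { require(!lock.held(), "STATE_IN_FLIGHT"); _; }
}
contract Vault is SystemGuarded {
    uint256 public avgShortPrice;
    constructor(SystemLock l) SystemGuarded(l) {}
    function setAvgShortPrice(uint256 p) external systemNonReentrant {
        avgShortPrice = p; // any external calls made here run with the lock held
    }
}
contract Reader is SystemGuarded {
    Vault public immutable vault;
    constructor(SystemLock l, Vault v) SystemGuarded(l) { vault = v; }
    // With only Vault's own guard, this read would succeed mid-operation.
    function shortPrice() external view notInFlight returns (uint256) {
        return vault.avgShortPrice();
    }
}
```

Note that a public getter such as `avgShortPrice()` can still be read directly by anyone, so every contract in the system that consumes pricing state must go through a guarded read path for the shared lock to be meaningful.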

The platform engaged with security partners and began on-chain communication with the attacker. The platform plans to wind down all V1 positions. These will be moved to a reimbursement pool. Users affected by the attack will be compensated under this plan. All remaining V1 orders are being cancelled.

GMX also issued a warning to developers running forks of its V1 codebase, urging them to conduct security audits and apply the necessary patches. The goal is to prevent the same or related vulnerabilities from being exploited in other protocols. Security has now become a top priority for the GMX community.


Rare Returns in a Year of Record Hacks

Recovering stolen funds after a crypto exploit is rare, but not unheard of. In 2023, Euler Finance faced a major hack, yet the attacker returned nearly the entire $176 million just two weeks later. While unusual, such outcomes raise ethical questions about profiting from exploits, even when restitution is made.

In most crypto scams, stolen funds are never recovered. In February, Bybit lost $1.4 billion after its wallet provider, Safe, was compromised in an exploit. The 2025 breach marked one of the worst crypto heists to date. Experts have linked the attack to North Korean hackers, who are notorious for never returning stolen assets.

The GMX hack has become a central point of reference in discussions of DeFi security. It highlights flaws in contract design and the role that white-hat deals can play. It is still unknown whether the attacker will return the full ETH amount. The case has the potential to shape future models of incident response in decentralized finance.
