On July 9, the decentralized trading platform GMX suffered a major exploit, leading to the loss of $42 million in assorted cryptocurrencies.
GMX Hack
The incident occurred on Wednesday when the attacker stole over $10 million worth of Frax Dollar (FRAX), $9.6 million in wrapped Bitcoin (wBTC), and about $5 million in DAI. Following the breach, $9.6 million of the funds were bridged to the Ethereum blockchain, exchanged into DAI and ETH, while a further $32 million remained on Arbitrum.
GMX's Response and Offer to the Hacker
GMX confirmed the theft in a post on X. The protocol clarified that GMX V2, its markets, and liquidity pools were not affected. In response to the hack, GMX offered the hacker a $4.2 million bounty for the return of the funds, promising no legal consequences if 90% of the remaining amount was returned within 48 hours. However, there has been no response from the attacker yet.
Causes of the Hack and Consequences
Preliminary reports by the security firm SlowMist indicate a design flaw in GMX V1. This vulnerability allowed the hacker to manipulate the GLP token price, leading to incorrect calculations of total assets. The so-called re-entrancy attack enabled the criminal to manipulate token prices and profit from redemptions.
Security issues and hacks continue to pose significant challenges in the crypto industry. A recent CertiK report revealed that over $801.3 million was lost across 144 incidents in Q2 2025.
