The hacker who stole around $42 million from the decentralized exchange GMX has agreed to return the funds in exchange for a 10% bounty. The exploit targeted GMX’s V1 pool on Arbitrum, leading to significant disruptions.
Hacker's Agreed Return of Funds
After GMX offered a white-hat bug bounty, the hacker agreed to return $42 million in cryptocurrency, receiving around $5 million as a reward. To date, $10.49 million in FRAX has been returned, while the remaining amount in ETH has been swapped into 11,700 ETH, currently valued at about $35 million, netting the hacker a gain of $3 million.
Details of the Attack and Consequences
GMX halted trading and GLP minting on Arbitrum and Avalanche after describing the attack as a re-entrancy exploit. The attacker manipulated the OrderBook contract and inflated GLP prices, allowing large fund withdrawals. GMX publicly offered a 10% bounty through an on-chain message, assuring the hacker that no legal action would follow if the funds were returned within 48 hours.
Future Projections for GMX and Market Fluctuations
Following the hacker's message, GMX's token spiked over 14%, but fell nearly 28% after the hack. At the time of writing, GMX token is trading at $13.29. A full post-mortem confirmed the hack only affected GMX V1, not its V2 or native token. The protocol emphasized that remaining funds would be routed to reimburse affected users.
The situation with the hacker agreeing to return funds creates uncertainty in the market, as many await to see whether he will surrender all 11,700 ETH or sell some to retain the $3 million profit.
