This week, the decentralized exchange GMX was hacked for $40 million, and the hacker has since begun returning the stolen funds. The incident highlights vulnerabilities in DeFi protocols.
Overview of the GMX Exploit
The GMX exploit stemmed from a vulnerability in the OrderBook contract that allowed the hacker to manipulate short positions on BTC and inflate GLP token prices. This resulted in a significant drain from the V1 liquidity pool on Arbitrum, including assets like USDC, FRAX, WBTC, and WETH.
Hacker's Return of Funds
The hacker responded to GMX's bounty message, promising to return the funds. As a result, $5.5 million was returned in FRAX, followed by another $5 million shortly after. ETH transfers totaling around $30 million were also traced back to GMX's deployer address.
Response and Future Measures
Following the exploit, GMX's token dropped 28% but rebounded by 14% as funds began to return. The GMX team confirmed the vulnerability and announced that minting and redeeming GLP on Arbitrum would be disabled, with remaining funds allocated for compensating affected users.
The GMX incident underscores the challenges facing DeFi protocols and the importance of security in the face of professional cyberattacks. Despite the losses, the situation seems headed for a relatively peaceful resolution.