A recent incident on the GMX platform ended with the return of $40.5 million in stolen assets in just 48 hours. The hacker, who exploited vulnerabilities in GMX's smart contracts, agreed to return the funds in exchange for a bounty.
Hacker Attack on GMX
On July 9, a hacker executed an attack on GMX's smart contracts, stealing approximately $42 million. GMX offered a 10% bounty for the return of funds within 48 hours, which was a key factor in the swift resolution of the incident.
Technical Vulnerabilities in Smart Contracts
The attack was carried out using a sophisticated re-entrancy exploit that took advantage of flaws in GMX's smart contract architecture. The hacker was able to manipulate a contract function that failed to prevent multiple calls, that is, it could be entered again before an earlier call had finished, leading to incorrect balance calculations and the theft of various digital assets.
> This technical vulnerability allowed the attacker to artificially inflate the price of GLP, GMX's liquidity provider token.
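
The following is an added example, not GMX's contract code or anything from the original article: a constructed Python toy model of a share-based pool showing how a function that can be re-entered during its external call produces wrong balances, next to the same function with a re-entrancy lock and state updated before the call. `ToyPool`, `redeem`, `simulate` and all amounts are hypothetical names and values chosen for illustration.

```python
class ReentrancyError(Exception):
    """Raised when a guarded function is entered while it is already running."""

class ToyPool:
    """Constructed toy model of a share-based pool (1 share per unit deposited)."""
    def __init__(self, guarded):
        self.guarded = guarded   # True: lock + effects-before-interaction
        self.locked = False
        self.reserves = 0
        self.shares = {}

    def deposit(self, who, amount):
        self.reserves += amount
        self.shares[who] = self.shares.get(who, 0) + amount

    def redeem(self, who, on_receive):
        """Pay out who's shares; on_receive models the external call to the payee."""
        if self.guarded:
            if self.locked:
                raise ReentrancyError("redeem re-entered")
            self.locked = True
        try:
            owed = self.shares.get(who, 0)
            if owed == 0 or owed > self.reserves:
                return 0
            if self.guarded:
                self.shares[who] = 0      # state is settled first ...
                self.reserves -= owed
                on_receive(owed)          # ... then control leaves the pool
            else:
                on_receive(owed)          # payee runs while shares are still credited
                self.shares[who] = 0
                self.reserves -= owed
            return owed
        finally:
            if self.guarded:
                self.locked = False

def simulate(guarded):
    """Return (paid to caller, reserves left, nested calls blocked)."""
    pool = ToyPool(guarded)
    pool.deposit("honest", 100)           # constructed sample balances
    pool.deposit("caller", 10)
    received, blocked = [], []
    def callback(amount):
        received.append(amount)
        if len(received) < 2:             # one nested call is enough to show the flaw
            try:
                pool.redeem("caller", callback)
            except ReentrancyError:
                blocked.append(True)
    pool.redeem("caller", callback)
    return sum(received), pool.reserves, len(blocked)
```

In the unguarded run the caller's 10 shares are paid twice and the honest depositor's 100 shares end up backed by only 90 in reserves; in the guarded run the nested call is rejected and the books balance.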
Return of Funds and Market Response
GMX's security team responded quickly with an on-chain message offering a 10% bounty. The hacker initiated the return process by sending $10.49 million in FRAX tokens directly to GMX's Security Committee Multisig address. The remaining $32 million was returned in multiple batches. Following the incident, the GMX token regained over 13% in trading value.
The GMX incident represents a rare case where a major cryptocurrency theft resulted in a voluntary return of funds through bounty negotiation. The $40.5 million recovery demonstrates the potential effectiveness of such programs in encouraging voluntary returns in blockchain security breaches.