Étienne Girard
The hacker responsible for draining $40 million from decentralized perpetual trading platform GMX earlier this week has started returning the stolen crypto after seemingly accepting a $5 million white-hat bounty offered by the project.
The attacker targeted GMX V1’s GLP pool on Arbitrum, siphoning off a mix of assets including USDC, FRAX, WBTC, and WETH. In response, GMX suspended trading and minting functions on both Arbitrum and Avalanche. While GMX V2 and its native token remained untouched, the protocol offered the exploiter a 10% bounty in exchange for returning the funds and immunity from legal action, provided the return was completed within 48 hours.
Funds Begin Flowing Back to GMX Treasury
On-chain activity confirmed by blockchain security firm PeckShield revealed that the hacker responded to GMX’s offer with a simple on-chain message: “ok, funds will be returned later.” Following this, two transactions totaling 10.5 million FRAX were sent back to the GMX Deployer wallet.
The GMX token, which initially plummeted 28% to $10.45 after the exploit, began to rebound. It surged 14% on Friday as news of the fund return emerged, trading at $13.25, according to PRIME.
$30M in ETH Returned, Team Issues Post-Mortem
PeckShield also confirmed that the exploiter returned approximately 10,000 ETH, valued at around $30 million, in four separate transactions.
GMX published a post-mortem report detailing the attack. The breach exploited a re-entrancy vulnerability in the OrderBook contract, enabling the attacker to manipulate short prices of BTC, inflate the value of GLP tokens, and redeem them at a profit.
In the aftermath:
-
GMX V1 minting and redemptions on Arbitrum have been permanently disabled.
-
Remaining protocol funds will be used to reimburse affected users.
-
Users will be allowed to close open positions.
-
Forks of GMX V1 are being advised on mitigation strategies.
The GMX team also confirmed that V2 operations continue unaffected and a DAO-led discussion will determine further reimbursement measures.
White-Hat Bounty Offer Still Open
In a public appeal posted to X, GMX reiterated its $5 million bounty offer:
“You’ve successfully executed the exploit; your abilities in doing so are evident… The white-hat bug bounty of $5 million continues to be available.”
The funds for the bounty will be drawn from GMX’s community treasury.
A Platform with Billions in Volume
GMX, launched in 2021 on Arbitrum One, allows traders to leverage positions up to 100x on assets like BTC, ETH, and AVAX. The platform boasts $306 billion in cumulative trading volume and over $265 million in current open interest, with nearly 715,000 users, according to GMX’s official stats.
