- The decentralized exchange GMX was hacked for approximately $42 million on July 9, 2025
- The attacker exploited the platform’s GLP liquidity pool, draining multiple crypto assets
- The GMX team has sent an on-chain message offering the hacker a 10% “white-hat” bounty to return the funds
Decentralized derivatives exchange GMX faced a major security breach on July 9, 2025. An attacker exploited the platform’s GLP liquidity pool and stole around $42 million in crypto assets.
PeckShield, a blockchain security firm, confirmed the event and tracked the hacker’s transactions on-chain. According to their analysis, the attacker bridged approximately $9.6 million to Ethereum shortly after the initial exploit.
How the Attacker Drained and Moved the Funds
The hacker moved funds in several stages. First, drained liquidity from the pool in USDC stablecoins. They then swapped the USDC into ETH before converting a portion of that to the DAI stablecoin.
They also extracted significant amounts of FRAX, wrapped bitcoin (WBTC), wrapped ether (WETH), and multiple other tokens. These transactions were executed across various chains and included complex swaps designed to mask the movement of the funds.
Related: Is Ethereum About to Have Its Own ‘NVIDIA Moment’?
In response, GMX used the same chain to send a message directly to the attacker’s wallet address. The message acknowledged the GMX V1 exploit and proposed a 10% white-hat bounty.
GMX Offers Hacker a $4.2 Million “White-Hat” Bounty
In response to the attack, the GMX team used an on-chain transaction to send a message directly to the attacker’s wallet address. The message acknowledged the GMX V1 exploit and proposed a 10% white-hat bounty with no legal action attached.
The GMX team offered the hacker a bounty equivalent to about $4.2 million in exchange for the return of the remaining 90% of the stolen assets. The message stated that if the attacker complies within 48 hours, GMX will not pursue any legal action against them.
Blockchain data from Arkham Intelligence shows that the wallet associated with the exploit currently holds nearly $44 million. No funds have been returned at the time of writing.
GMX, which launched in 2021 and operates primarily on the Arbitrum network, supports leveraged trading for assets like BTC, ETH, and AVAX. Following the exploit, users and the broader DeFi community are now awaiting a full post-mortem analysis from the team and are closely watching for any further on-chain movements by the exploiter.
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
