- On-chain data is revealing how the GMX hacker is actively laundering the $42M in stolen funds
- The attacker swapped the loot into 11,700 ETH (worth ~$32M) on the Ethereum network
- They then split this ETH stash across four new, separate wallets in an attempt to obscure the trail
The latest security breach on the decentralized crypto exchange GMX has resulted in the theft and laundering of over $40 million worth of digital assets.
The platform, which allows users to trade and speculate on various cryptocurrencies, was exploited early Wednesday, prompting an immediate suspension of trading services and a formal investigation into the incident.
Related: GMX Hacked for $42 Million; Team Offers Hacker a 10% Bounty for Return of Funds
On-Chain Money Trail
The blockchain security firm PeckShield began tracking the exploiter’s activity shortly after the incident. According to its analysis, the attacker converted the stolen assets including WBTC, WETH, UNI, FRAX, LINK, USDC, and USDT into 11,700 ETH, equivalent to approximately $32 million, on the Ethereum network.
The exploiter also retained $10.5 million in the FRAX stablecoin on the Arbitrum blockchain. Blockchain data shows that 4,308.80 ETH was initially transferred from a wallet labeled “GMX Exploiter 1” to a second address, also linked to the same actor. From there, the ETH was split and forwarded to four new wallets; three received 3,000 ETH each, and one received 2,699.95 ETH.
The use of these intermediary wallets shows a clear attempt to launder and obscure the path of the stolen funds. These actions came just hours after the original exploit and indicate a premeditated strategy for dispersing the assets.
GMX’s Offer to the Hacker: A $4.3 Million Bounty
GMX confirmed the exploit through a public statement and disclosed that it had previously undergone multiple security audits by well-known firms. Despite those efforts, more than $43 million in user funds were taken in the attack.
In a direct and unconventional move, the platform sent a message to the hacker via the Ethereum blockchain, offering 10% of the stolen funds as a bounty if the remaining 90% was returned within 48 hours. GMX also stated it would not pursue legal action if the funds were returned. This offer, which aligns with similar tactics used in previous DeFi exploits, holds no formal legal weight.
Community Raises Questions Over Response Time
Critics on social media have raised concerns over the crypto industry’s response time in freezing the stolen funds.
Related: Latest Bybit Hack Linked to N. Korea’s Crypto Theft for Weapons Funding
The exploiter held nearly $30 million in USDC, a stablecoin managed by the company Circle, before further laundering the assets. No confirmations have yet emerged indicating whether blacklisting actions were taken by Circle during that critical window.
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.