  • 🚨💰 GMX Hacker’s Bold $42M Exploit Ends with $5M Bounty — A Risky Game Turns Into $3M Profit 🪙⚠️


    Overview of the Incident
    In a dramatic turn of events within the DeFi sector, the attacker behind the $42 million GMX exploit has chosen to return the stolen assets in exchange for a $5 million white-hat bounty, as reported by a blockchain analytics platform.

    The decentralized exchange GMX fell victim to this major breach on July 9, becoming yet another target in a growing wave of DeFi hacks. According to tracking from DeBank, the hacker siphoned funds to this suspicious wallet address:
    0xdf3340a436c27655ba62f8281565c9925c3a5221.

    After draining the funds from Arbitrum (Ethereum's Layer 2 network), the stolen assets were swiftly moved to the Ethereum mainnet—a common method used to obscure and later launder funds.



    White-Hat Bounty: A $5 Million Deal to Return $42 Million

    According to Lookonchain, the hacker agreed to a white-hat resolution, handing back the majority of the stolen assets in exchange for a lucrative $5 million reward. This method of negotiation, while controversial, is sometimes seen as a practical solution in DeFi to minimize damage, avoid lawsuits, and recover user funds quickly.

    Such “white-hat” settlements typically involve the attacker revealing crucial vulnerabilities in exchange for amnesty and compensation. However, they remain a gray area of ethics in crypto security.



    Partial Returns — And an Unexpected Profit

    So far, the exploiter has already returned approximately $10.49 million in FRAX stablecoins. However, the remaining $32 million wasn’t simply sitting idle. The attacker converted these assets into 11,700 ETH, which, due to recent market movements, appreciated to nearly $35 million, netting the attacker an extra $3 million in unintended profit.

    Whether the hacker intends to return the full 11,700 ETH or only the equivalent $32 million is still unclear. So far, there’s been no public confirmation on their next move.



    Debate: Is This Ethical?

    The situation is sparking debate in the crypto community:
    Can someone who exploits a protocol and returns most of the funds ethically walk away with millions in side profits? While many argue that recovering the bulk of the funds is a win for users, others believe this outcome undermines the spirit of white-hat hacking.



    Security Concerns in DeFi Highlighted Again

    This incident exposes ongoing security challenges in DeFi, especially regarding vaults managing large assets and cross-chain transfers.

    So far, GMX has not clarified whether this agreement was formally established before or after the hacker returned some of the assets.

    Regardless, this exploit is likely to influence future white-hat negotiations and ethical standards within decentralized finance.



    GMX’s Official Response: Root Cause Found in Re-Entrancy Flaw

    In its latest statement, GMX confirmed that the breach stemmed from a re-entrancy vulnerability within its V1 smart contracts. Although the contracts used a nonReentrant modifier for protection, the guard only applied within the scope of a single contract, leaving the system exposed during interactions between contracts.

    The hacker exploited this loophole by manipulating BTC short averages through the Vault contract, artificially inflating the GLP token price, and profiting by redeeming these overpriced tokens using a flash loan.

    GMX V2 has since addressed this flaw by ensuring all pricing and executions occur within a single contract to prevent similar vulnerabilities.
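
    The scope problem described above can be seen in a small Python model, added here as an illustration and not taken from GMX's contracts: `Router`, `Vault`, `adjust` and all numbers are hypothetical. It compares a lock held per contract with a lock shared by both contracts; the shared lock is a common mitigation shown for contrast, whereas the page says GMX V2 instead keeps pricing and execution in a single contract.

```python
# Constructed model, not GMX's code: Router, Vault and all numbers are hypothetical.
class Reentrancy(Exception):
    pass

class Lock:
    held = False

def non_reentrant(fn):
    """Mimic a nonReentrant modifier using the lock object stored on self.lock."""
    def wrapper(self, *args):
        if self.lock.held:
            raise Reentrancy(fn.__name__)
        self.lock.held = True
        try:
            return fn(self, *args)
        finally:
            self.lock.held = False
    return wrapper

class Vault:
    """Holds the accounting that the token price is derived from."""
    def __init__(self, lock):
        self.lock, self.assets, self.shares = lock, 1000, 1000

    def price(self):
        return self.assets / self.shares

    @non_reentrant
    def adjust(self, delta):
        self.assets += delta

class Router:
    """Guarded entry point that hands control to external code mid-call."""
    def __init__(self, vault, lock):
        self.vault, self.lock = vault, lock

    @non_reentrant
    def execute(self, callback):
        callback()                 # external call while this contract's lock is held
        return self.vault.price()  # price is read after the callback ran

def run(shared_lock):
    """Return (blocked, price seen by the guarded call or left in the vault)."""
    router_lock = Lock()
    vault = Vault(router_lock if shared_lock else Lock())
    router = Router(vault, router_lock)
    try:
        # The callback re-enters the system through the *other* contract.
        return False, router.execute(lambda: vault.adjust(500))
    except Reentrancy:
        return True, vault.price()  # call aborted, accounting unchanged
```

    With per-contract locks the nested call is not blocked and the guarded call reads a price that moved underneath it; with the shared lock the nested call is rejected and the price stays where it was.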



    Current Status: Trading Paused, Reimbursements in Progress

    • GLP minting on Avalanche: Paused

    • GLP redemptions on Avalanche: Active

    • V1 orders: To be canceled and migrated to a reimbursement pool

    • Arbitrum trading: Suspended pending further updates

    GMX is working closely with security partners and infrastructure providers and continues direct communication with the attacker on-chain.

    The platform has also urged all forks of GMX V1 to immediately perform audits and apply fixes to prevent similar exploits.



    Summary for Users Affected:

    • Expect positions to be migrated.

    • Reimbursements are part of the recovery plan.

    • Further updates will clarify timelines for withdrawals and transitions.
