In a turn of events that has brought relief to the crypto sector, the individual behind the GMX exploit has accepted the platform’s bounty, returning over $40 million in pilfered assets from the project.
Last Friday, the recent GMX V1 exploit culminated in a positive resolution after the person behind the incident transformed into a white-hat hacker. The perpetual and spot crypto exchange GMX suffered a loss of over $40 million on Wednesday due to an attacker exploiting a loophole in the protocol’s inaugural version on Arbitrum.
A number of online publications reported that a flaw in GMX V1’s vault contract permitted the attacker to tamper with the GLP token price via the system’s computations. As explained by blockchain security company SlowMist, the attack originated from a design deficiency in GMX v1, which allowed short position operations to instantaneously modify the global short average prices (globalShortAveragePrices). This directly influenced the calculation of Assets Under Management (AUM), thereby enabling manipulation of GLP token pricing.
Through a reentrancy attack, the hacker successfully established substantial short positions to manipulate the global average prices, artificially boosting GLP prices within a single transaction and profiting through redemption operations. Consequently, approximately $42 million worth of assets, including Legacy Frax Dollar (FRAX), wrapped bitcoin (WBTC), wrapped ETH (WETH), and other tokens, were moved from the GLP pool to an anonymous wallet.
The perpetual crypto exchange suspended GMX V1’s trading and GLP’s minting and redeeming on both Arbitrum and Avalanche to avert another assault and safeguard users’ resources. They assured that the exploit was confined to GMX’s V1 and its GLP pool. GMX V2, its markets, liquidity pools, and the GMX token were unaffected and remained secure.
Post the incident, GMX offered a $5 million white-hat bounty to the attacker on-chain and on X, acknowledging their evident skills. The GMX team explained that returning the assets within the next 48 hours and accepting the bounty would enable the hacker to “spend the funds freely” rather than risking accessing them. They also promised not to initiate any legal action and to assist the exploiter in providing proof of source for the funds whenever necessary.
The exploiter responded positively in an on-chain message, accepting the reward and initiating the return process. Lookonchain reported that they initially returned $10.49 million worth of FRAX on Friday morning. Subsequently, another $32 million worth of assets were converted into 11,700 ETH, now valued at $35 million following the surge in the altcoin’s price to $2,990.
Later, the hacker returned 10,000 ETH, worth $30 million, retaining only 1,700 ETH, valued at $5.2 million, as the bounty. GMX confirmed that the funds had been securely returned and thanked the white-hat hacker for their actions, adding a positive spin to the incident. They also notified users that “contributors are working on a proposed distribution plan for presentation to the GMX DAO and will share more information shortly.”
