GMX Hacker Returns $40 Million After Accepting Bounty Offer

A significant development has emerged in the GMX exploit case, as the attacker responsible for draining $40 million from the decentralized exchange has begun returning stolen funds. This turnaround occurred after the hacker accepted a $5 million white hat bounty offered by the GMX team.

Posting this message in hopes of connecting with the individual responsible for the GMX V1 exploit.

You’ve successfully executed the exploit; your abilities in doing so are evident to anyone looking into the exploit transactions.

The white-hat bug bounty of $5 million continues… https://t.co/KPf2fEtU6t

— GMX 🫐 (@GMX_IO) July 10, 2025

The exploit targeted GMX’s V1 liquidity pool on the Arbitrum blockchain earlier this week. The attacker used a sophisticated re-entrancy vulnerability in the OrderBook contract to manipulate Bitcoin’s average short price, artificially inflate GLP token values, and redeem them at a substantial profit.

Various cryptocurrencies were stolen, including USDC, FRAX, WBTC, and WETH.

Following the attack, GMX immediately halted V1 trading and minting operations on both Arbitrum and Avalanche networks. The team then made an unusual move by publicly offering the hacker a 10% bounty through an on-chain message, promising no legal action if 90% of the funds were returned within 48 hours.

The strategy proved effective. The hacker responded with a simple on-chain message stating, “ok, funds will be returned later.”

Shortly after, blockchain security firm PeckShield confirmed the attacker had begun transferring assets back to GMX addresses.

Market Impact and Recovery Process

The exploit initially caused GMX’s native token to plummet by over 28% to $10.23. However, news of the fund returns sparked a 14% surge, bringing the token price to $13.25.

At the time of reporting, over $35 million in assets had been returned, including multiple batches of FRAX tokens and roughly 10,000 ETH.

#PeckShieldAlert #GMX Exploiter has returned a total of $37.5M worth of cryptos, including ~9K $ETH & 10.5M $FRAX to the #GMX Security Committee Multisig address pic.twitter.com/yBar1dp0Is

— PeckShieldAlert (@PeckShieldAlert) July 11, 2025

Technical Implications for GMX Operations

The exploit exposed critical vulnerabilities in GMX V1’s architecture, particularly in its liquidity pool management system. As a result, GLP minting and redemption on Arbitrum will remain permanently disabled.

The team has confirmed that GMX V2 was unaffected by the breach and continues operating normally.

This incident highlights the ongoing security challenges facing decentralized finance protocols. While the hacker’s decision to return funds is unusual, it demonstrates how bounty programs can sometimes resolve exploits more effectively than traditional legal approaches.

The GMX team plans to use remaining funds for user reimbursement and has issued guidance to prevent similar vulnerabilities in protocol forks.