GMX Hacked for $42 Million; Team Offers Hacker a 10% Bounty for Return of Funds

Decentralized derivatives exchange GMX faced a major security breach on July 9, 2025. An attacker exploited the platform’s GLP liquidity pool and stole around $42 million in crypto assets.

PeckShield, a blockchain security firm, and tracked the hacker’s transactions on-chain. According to their analysis, the attacker bridged approximately $9.6 million to Ethereum shortly after the initial exploit.

The hacker moved funds in several stages. First, drained liquidity from the pool in USDC stablecoins. They then swapped the USDC into ETH before converting a portion of that to the DAI stablecoin.

They also extracted significant amounts of FRAX, , wrapped ether (WETH), and multiple other tokens. These transactions were executed across various chains and included complex swaps designed to mask the movement of the funds.

In response, GMX used the same chain to send a message directly to the attacker’s wallet address. The message acknowledged the GMX V1 exploit and proposed a 10% white-hat bounty.

In response to the attack, the GMX team used an on-chain transaction to send a to the attacker’s wallet address. The message acknowledged the GMX V1 exploit and proposed a 10% white-hat bounty with no legal action attached.

The GMX team offered the hacker a bounty equivalent to about $4.2 million in exchange for the return of the remaining 90% of the stolen assets. The message stated that if the attacker complies within 48 hours, GMX will not pursue any legal action against them.

No funds have been returned at the time of writing

GMX, which launched in 2021 and operates primarily on the Arbitrum network, supports leveraged trading for assets like BTC, ETH, and AVAX. Following the exploit, users and the broader DeFi community are now awaiting a full post-mortem analysis from the team and are closely watching for any further on-chain movements by the exploiter.