GMX Hacker Returns Stolen Funds, Nets $3 Million Profit on ETH & Also Claiming Bounty

According to , the GMX hacker has initiated the return of $42 million in stolen crypto for a $5 million white-hat bounty.

They already returned approximately $10.49 million in FRAX, with a commitment to return the rest in exchange for the promised bounty.

However, the rest of the $32 million was exchanged into 11,700 ETH, which is worth around $35 million, netting a $3 million profit to the hacker. It is currently unknown if the hacker will return the full amount or retain the profit.

The whole incident started on July 9 when GMX’s V1 protocol on Arbitrum suffered a major exploit in its GLP liquidity pool. Stolen assets included stablecoins such as FRAX, USDC, and DAI, wrapped Bitcoin (WBTC), wrapped Ether (WETH), and more.

The decentralized exchange immediately paused GLP minting, redemption, and trading on both Arbitrum and Avalanche in an effort to contain the breach. They then offered a 10% white‑hat bounty and pledged no legal action if the hacker returned the assets within 48 hours.

As expected, the breach had a negative impact on GMX’s native token. Following the exploit, it dropped roughly 20%, falling to around $11.20. Blockchain security firms PeckShield and Cyvers traced the exploit to a re-entrancy vulnerability in the GLP pool’s pricing logic.

Interestingly enough, despite the hack, the crypto market was seemingly unfazed. Following the incident, Bitcoin rallied by approximately 2%, Ethereum rose roughly 6%, while other altcoins surged as well. This may suggest that DeFi hacks are becoming more isolated rather than triggering industry-wide sell-offs.

Speaking of DeFi, the white-hat bounties (like the one GMX offered) are becoming increasingly used to incentivize asset recovery and ethical behavior after hacks. This is primarily done to help identify any security vulnerabilities or exploits in a platform’s systems.

GMX’s swift response and the proactive offer of a bounty likely played a big role in averting widespread panic and the potential spread of a broader negative impact.

Still, the event shines a light on the ongoing security vulnerabilities within DeFi and how important it is to have better security checks, constant monitoring, and clear plans for when things go wrong.