GMX suffers $42M hack, issues 10% bounty offer to hacker

A major security incident struck the decentralized exchange GMX, siphoning approximately $42 million from its Arbitrum-based v1 perpetual platform.

In response, GMX has sent an on-chain message to the hacker offering a 10% white-hat bounty.

The platform stated that no legal action will be pursued if the remaining funds are returned within 48 hours. This move mirrors common damage control tactics used by DeFi protocols facing major exploits.

Following the attack, the platform’s token dropped 17% to a two-month low of $11.7 as of press time.

Launched in 2021, GMX is available across major blockchain networks including SolanaAvalanche, and Arbitrum.

According to official metrics, the platform has processed over $305 billion in trading volume and collected more than $435 million in fees.

The Exploit

On July 9, blockchain security firm Cyvers reported that the exploit originated from a malicious smart contract deployed by an address funded through Tornado Cash, an Ethereum-based privacy tool often used to obfuscate transactions.