We are aware of an exploit in relation to our gmCauldrons.

Core contributors and security engineers are investigating the issue in depth and will provide more information as soon as available.

Each gmCauldron was fully audited by @GuardianAudits prior to release. The same lead auditors as GMX core contracts, gmCauldrons are also integrated within the rest of Abracadabra Security infra including @zeroshadow_io tracking, @hexagate_ response software as well as further security measures behind the scene.

While having multiple systems in place, the exploit was caught only after the attacker executed several transactions. The Zeroshadow team alerted us and we quickly turned off all borrows to all cauldrons.

The full damage of the attack is currently being assessed. We are working together with @GuardianAudits, @GMX_IO, and other security peers to identify the execution of the hack.

No user collateral is affected and this exploit only affects the gmCauldrons.

We are in close contact with @chainalysis who are tracking the funds, that are currently consolidated on 0xaf9e33aa03caaa613c3ba4221f7ea3ee2ac38649.

To the hacker, we are happy to entertain negotiations for a bug bounty of 20% of the total.

Reach out at [email protected] or on chain to our treasury address on ETH 0xDF2C270f610Dc35d8fFDA5B453E74db5471E126B.

A full post mortem will be provided once ready.