๐๐ ๐ซ ๐๐ฎ๐ฐ๐ธ๐ฒ๐ฟ ๐ฆ๐๐ฎ๐ฟ๐๐ ๐ฅ๐ฒ๐๐๐ฟ๐ป๐ถ๐ป๐ด ๐๐๐ป๐ฑ๐ ๐๐ณ๐๐ฒ๐ฟ $๐ฐ๐ฎ๐ ๐๐ ๐ฝ๐น๐ผ๐ถ๐ ๐๐ฒ๐ฟ๐ฒโ๐ ๐ช๐ต๐ฎ๐ ๐๐ฎ๐ฝ๐ฝ๐ฒ๐ป๐ฒ๐ฑ
๐น Partial refunds begin
The GMX exploiter promised to โreturn the funds laterโ โ and delivered quickly, sending back 5M FRAX and then 3,000 ETH to the GMX deployer. The move follows GMXโs offer of a 10% white hat bounty and no legal action if funds were returned within 48 hours.
๐น Exploit recap
The attacker drained around $42M in ETH and stablecoins by abusing a flaw in GMXโs order book contract. The exploit worked because, while the contract had reentrancy protection, the hacker called an external function, bypassing it. The attacker then manipulated GLP token pricing, bringing BTC short prices down to just $1,913.70, which allowed them to unfairly inflate GLPโs price and drain liquidity pools.
๐น Quick ETH trade profit
Interestingly, the hacker swapped part of the loot into 11,700 ETH while ETH was near $2,600, just before ETHโs rally to over $3,000 โ turning a quick extra profit of several million dollars.
๐น Impact on GMX & market
Even with partial fund returns, the hack caused GMX token to drop ~30%, now trading near $13.28. GMXโs DeFi vaults also shrank from above $480M to around $409M. Meanwhile, the exploit day saw over $717K in fees generated due to heavy trading activity.
๐น Security spotlight
The case sparked debate on stablecoin freezes: despite Circleโs ability to freeze USDC, the hacker had enough time to move, swap, and bridge funds from Arbitrum to Ethereum before action.
โ ๏ธ Bottom line: Some funds are being returned, but the exploit still shows how creative attacks โ even with seemingly small contract gaps โ can shake DeFi platforms and user trust. GMX now works on fixes and audits to prevent similar attacks in future.
