Hacker Attacks GMX Returns $40 Million, Keeps $5 Million "Hidden" Through Tornado Cash

The decentralized exchange $GMX has just experienced a re-entrancy attack that resulted in over $40 million in cryptocurrency being stolen. However, the hacker surprisingly turned around and "played the white hat," returning most of the assets to GMX.

Specifically, the attacker returned $40.5 million, including 10,000 Ethereum, to GMX's secure wallet after agreeing to the "10% bounty" proposed by the exchange, in return for the exchange not pursuing legal action. Notably, #Hacker still retained $5 million in Ethereum and transferred this amount through Tornado Cash — a coin mixing tool that has been flagged by the U.S. for helping conceal illegal money flows.

According to #gmx , the hack exploited a vulnerability in the GLP pool of the exchange on Arbitrum, allowing the hacker to manipulate the price of the GLP token and then withdraw Bitcoin and Ethereum at inflated prices. This is the re-entrancy trick that caused the infamous DAO hack disaster in 2016.

Although the price of GMX token increased by 16% in the last 24 hours, reaching $12.24 (according to CoinGecko), it still slightly decreased by 6% over the week. This incident once again sounds the alarm about the security vulnerabilities that many crypto projects still easily fall victim to.

Investing in cryptocurrency carries high risks due to significant price volatility.