🚨 $40M Crypto Heist Rocks GMX: Hacker’s Ethereum & Arbitrum Money Laundering Spree

Another day, another DeFi exploit—except this one’s a $40 million gut punch to GMX traders. Here’s how it went down.

The Attack: Fast, Brutal, and Slick

A hacker bypassed GMX’s defenses, draining wallets faster than a Vegas high roller. The loot? Over $40 million in crypto—gone before anyone could hit the panic button.

The Laundering Game: Ethereum and Arbitrum as Accomplices

Like a cybercriminal version of *Ocean’s Eleven*, the attacker bounced funds between Ethereum and Arbitrum. Cross-chain hops made tracing harder—because why make it easy for the suits?

DeFi’s Recurring Nightmare

GMX joins the hall of shame alongside other exploited protocols. Audits? Overrated. Security? A work in progress. But hey, at least the hacker’s gas fees were tax-deductible.

The Bottom Line

Until DeFi matures beyond 'code is law' into 'code is *actually* secure,' these heists will keep funding someone’s Lambo. Probably not yours.

• Hacker laundered $32M in ETH and held $10.5M in FRAX after exploiting GMX.
• GMX offered a 10% bounty for the return of stolen funds within 48 hours.
• Attacker briefly held $30M in USDC before laundering through new wallets.

A cyberattack on the decentralized exchange GMX has resulted in the theft and laundering of more than $40 million in user assets. The breach occurred early Wednesday, forcing the platform to halt trading operations as internal and external investigators worked to trace the source and scope of the exploit.

Blockchain security firm PeckShield confirmed that the exploiter quickly converted the stolen tokens into Ether. On the ethereum network, assets including WBTC, WETH, UNI, FRAX, LINK, USDC, and USDT were exchanged for 11,700 ETH, worth roughly $32 million. An additional $10.5 million in FRAX stablecoin remains held on Arbitrum.

#PeckShieldAlert #GMX Exploiter has swapped stolen funds (WBTC/WETH/UNI/FRAX/LINK/USDC/USDT) for 11.7K $ETH (~$32M) on #Ethereum & retained 10.5M $FRAX on #Arbitrum pic.twitter.com/Us664AEdsK

PeckShield tracked the movement of 4,308.80 ETH from a wallet labeled “GMX Exploiter 1” to a second address, also linked to the attacker. That wallet then distributed the funds to four newly generated intermediary wallets. Three of these received exactly 3,000 ETH each, while the fourth received 2,699.95 ETH. These addresses had no prior transaction history and are suspected of being used to obfuscate the laundering path.

GMX Confirms Incident, Offers Bounty for Return

GMX confirmed the incident on social media and stated that trading had been suspended while a full investigation was being conducted. The company also noted that its platform had undergone multiple security audits by independent firms before the exploit.

In an on-chain message addressed to the hacker, GMX proposed a 10% bounty, equivalent to over $4 million, in exchange for the return of the remaining funds within 48 hours. The company said it WOULD not pursue legal action if the offer was accepted.

$30M in USDC Briefly Controlled Before Further Laundering

The exploiter briefly held close to $30 million in USDC, the stablecoin issued by Circle, before moving those funds through additional transactions. Some community members criticized the delay in freezing addresses connected to the exploit, pointing to the centralized control Circle maintains over USDC as a potential opportunity to block illicit flows.

GMX, launched in 2021, has reported over 714,000 users and a cumulative trading volume of $305 billion. This incident marks one of the largest individual thefts targeting a decentralized platform in 2025. Trading remains suspended as investigators continue to examine the attacker’s methods and movement of funds.