GMX Hacker Strikes Gold: $5M Payday After $50M Protocol Exploit
Another day, another DeFi heist—except this one comes with a bizarre twist. The attacker behind GMX's $50M exploit just walked away with a cool $5M 'refund' after negotiations. Talk about a hostile takeover bonus.
How the hack unfolded
The exploit leveraged a price oracle vulnerability, draining funds faster than a degenerate trader liquidates margin positions. GMX's team scrambled to contain the damage—but not before the hacker pulled off crypto's weirdest exit strategy.
The $5M question
Why settle for pennies when you've stolen dollars? Insiders whisper the 'whitehat' payout was actually a clever ransom payment disguised as a bug bounty. Either way, it sets a dangerous precedent—next time, every script kiddie will demand severance pay.
DeFi's recurring nightmare continues: protocols keep building fragile castles, hackers keep bringing them down, and VCs keep writing checks like nothing happened. The circle of (crypto) life rolls on.

In Brief
- A hacker who stole $40 million from GMX has started returning the funds after accepting a $5 million white hat bounty.
- So far, about $20 million has been returned in ETH and FRAX tokens following on-chain messages from the hacker.
- GMX offered 10% of the stolen funds as a bounty and warned of legal action if the rest isn’t returned within 48 hours.
Hacker starts returning millions
On Wednesday, GMX v1, a decentralized perpetual trading platform on Arbitrum, was exploited through a design flaw that allowed the attacker to manipulate the value of GLP tokens and drain liquidity. The attacker initially made off with $40 million in various coins.
However, hours later, blockchain security firm PeckShield flagged an on-chain message from the exploiter: “Ok, funds will be returned later.” Shortly after, funds started flowing back to the address specified by GMX.
So far, approximately $20 million has been returned, including $9 million in ETH and over $10 million in FRAX tokens across two separate transfers.
$5M white hat bounty
The GMX team publicly acknowledged the hacker’s technical prowess and offered a $5 million white hat bounty in exchange for the safe return of the assets. The bounty, close to 10% of the stolen funds, came with no strings attached, allowing the hacker to spend it freely and legally, with assistance from GMX to prove its source if needed.
In a message sent on-chain, GMX also warned the attacker that legal proceedings would begin within 48 hours if the funds weren’t returned. The combination of incentives and pressure appears to have worked.
Security and trust
This partial recovery is a win for the GMX protocol and its users, though questions remain around the exploit’s root cause and whether more funds will be returned. Still, the use of a white hat bounty, rather than law enforcement alone, shows a growing trend in decentralized security negotiations.
As DeFi platforms grow in size and complexity, bounties and on-chain diplomacy may play an increasingly important role in managing risks and damage control.