GMX Hack Exposed: The Inside Story of the $42M DeFi Heist
Another day, another DeFi exploit—except this one stings harder than most. GMX, the perpetual swaps darling, just got drained for $42 million in a move that’s equal parts audacious and embarrassing for the protocol.
How it happened: Price oracle manipulation, because of course it was. Attackers exploited a loophole in GMX’s synthetic asset pricing, gaming the system to print fake profits. The kicker? This wasn’t some shadowy zero-day exploit—it leveraged known vulnerabilities that should’ve been patched months ago.
The fallout: GMX’s native token took a 15% nosedive within hours, while the attacker laundered funds through Tornado Cash (classy touch). Meanwhile, the team’s damage control tweetstorm reads like a masterclass in ‘hopium’—promising reimbursements ‘soon’ while carefully avoiding the word ‘insolvent.’
Silver lining? At least it wasn’t an inside job. Probably. In crypto, that counts as progress.
What Actually Happened With GMX
GMX faced a major security breach on Wednesday, which led to a loss of over $42 million worth of cryptocurrency assets. Soon after the theft, the attackers had already begun laundering the stolen funds through known channels. Part of the funds, an estimated $9.6 million, was later bridged from Arbitrum to the Ethereum blockchain. This is a typical pattern: hackers move funds across cross-chain bridges and may then pass them through privacy protocols such as Tornado Cash.
The stolen portfolio contained Wrapped Bitcoin (WBTC), Wrapped Ethereum (WETH), FRAX, LINK, USDC and USDT. All of the assets except FRAX were converted into 11,700 ETH, worth around $32.33 million.
Posting this message in hopes of connecting with the individual responsible for the GMX V1 exploit.
You've successfully executed the exploit; your abilities in doing so are evident to anyone looking into the exploit transactions.
The white-hat bug bounty of $5 million continues… https://t.co/KPf2fEtU6t
In reaction to the hack, the GMX developers took the unconventional step of reaching out to the hacker directly via an on-chain message, promising a 10% white-hat bounty should they voluntarily return the stolen funds. This would treat the incident as a form of security audit rather than an attack.
The GMX exploit adds to an already worrying trend of cryptocurrency security breaches. Blockchain security firm CertiK estimated that investors have lost around $2.5 billion to different hacks and scams in the first half of 2025, which also reveals the weaknesses of the decentralized finance ecosystem.
GMX Hacker Agreed to Return Funds
Following the on-chain discussions with the GMX team, the hacker entity agreed to return the stolen funds in exchange for a 10% white-hat bounty. Under the terms, GMX will not take any legal action against the hacker, nor will it hold anything against them. Meanwhile, the hacker entity would keep approximately $5 million and send the remaining stolen funds to the GMX deployer address.
How GMX Was Exploited
The attacker targeted GMX's V1 protocol, specifically its GLP pool smart contracts. The flaw was in the way the protocol handled short positions and computed asset values: when a user opened a short position, the contract instantly updated the global average price rather than waiting for the market to respond. This let the attacker tamper with the system's calculations and withdraw funds at artificially low prices.
Recent attack on GMX (@GMX_IO) resulted in over $42M in losses. Here’s a summary of our analysis:
Root causes:
1️⃣GMX v1 updates globalShortAveragePrices when opening shorts but not when closing.
2️⃣It immediately increases globalShortSizes on short position creation.
These… https://t.co/H7a4ie4WmZ pic.twitter.com/vzLHpFIRBo
SlowMist, a blockchain security firm, disclosed that the cause of this attack was a design flaw in GMX v1. According to SlowMist, the root cause was that global short average prices were instantly updated by short position operations, which directly affected the calculation of Assets Under Management (AUM) and thus allowed the pricing of the GLP token to be manipulated.
The attacker exploited this design flaw by using a Keeper to trigger the "timelock.enableLeverage" function during order execution (a precondition for opening a large number of short positions). By means of a reentrancy attack, the attacker opened a large number of short positions, manipulated the global average price, artificially inflated the GLP price within a single transaction, and profited through redemption operations.
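The two root causes above (global short size and average price updated the moment a short opens, feeding straight into AUM and hence the GLP price) can be made concrete with a small accounting model. The code below is an added, deliberately simplified model written for this article; it is not GMX's contract code, the size-weighted average-price update is an assumption, and the figures are constructed. It shows why the GLP price depends on the recorded short average price, and gives the single-transaction drift check a monitor could apply.

```python
from dataclasses import dataclass


@dataclass
class GlpVault:
    """Constructed, simplified model of GMX v1 GLP accounting (not GMX's code).
    Only one shortable index token is tracked; all sizes are in USD."""
    pool_usd: float               # USD value of assets held by the pool
    glp_supply: float             # GLP tokens outstanding
    short_size: float = 0.0       # analogue of globalShortSizes
    short_avg_price: float = 0.0  # analogue of globalShortAveragePrices

    def global_short_delta(self, mark_price: float):
        """Unrealised PnL of all open shorts as (usd_amount, shorts_in_profit).
        Shorts profit when the mark price is below their average entry price."""
        if self.short_size == 0.0:
            return 0.0, False
        price_delta = abs(self.short_avg_price - mark_price)
        delta = self.short_size * price_delta / self.short_avg_price
        return delta, self.short_avg_price > mark_price

    def aum(self, mark_price: float) -> float:
        """Shorts in loss owe the pool (added to AUM); shorts in profit are a liability."""
        delta, shorts_profit = self.global_short_delta(mark_price)
        return self.pool_usd - delta if shorts_profit else self.pool_usd + delta

    def glp_price(self, mark_price: float) -> float:
        return self.aum(mark_price) / self.glp_supply

    def open_short(self, size_usd: float, entry_price: float) -> None:
        """The root cause described above: both globals move immediately on open.
        Size-weighted averaging is an assumption of this model, not GMX's formula."""
        next_size = self.short_size + size_usd
        self.short_avg_price = (self.short_size * self.short_avg_price
                                + size_usd * entry_price) / next_size
        self.short_size = next_size


def glp_price_drift(vault: GlpVault, mark_price: float,
                    size_usd: float, entry_price: float) -> float:
    """Relative GLP price change caused by one open_short call at a fixed mark price.
    Real pool value cannot jump inside a single transaction, so a monitor can flag
    any drift beyond a small tolerance (e.g. 1%) as suspicious."""
    before = vault.glp_price(mark_price)
    vault.open_short(size_usd, entry_price)
    return vault.glp_price(mark_price) / before - 1.0


if __name__ == "__main__":
    v = GlpVault(pool_usd=1_000_000.0, glp_supply=1_000_000.0)
    print(glp_price_drift(v, 100.0, 500_000.0, 100.0))  # opened at mark: 0.0
    print(glp_price_drift(v, 100.0, 500_000.0, 80.0))   # avg pushed below mark: ~0.111
```

Opening at the mark price leaves AUM untouched, but once the recorded average sits below the mark the shorts appear underwater and AUM (and the GLP redemption price) rises within the same call, which is the signal a drift monitor should alert on.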
Final Thoughts
The GMX exploit reveals a bitter reality: the openness of DeFi, which is its great strength, is also its Achilles heel. Even after a thorough audit, smart contracts may contain hidden bugs that highly skilled attackers can take advantage of. The hack also highlights the difficulty of tracing illicit funds in a decentralized system, and the use of Tornado Cash makes recovery more difficult still.
In the case of GMX, the way forward is a thorough postmortem, which the team has promised, to identify the underlying cause and avoid a repeat. The industry should focus on a proactive approach: frequent smart contract updates, timely controls, and standardized security procedures. DeFi platforms could also work together to create best practices that minimize the attack surface available to hackers.
The GMX hack is a wake-up call for the DeFi industry. Platforms such as GMX have to ensure that they offer state-of-the-art features with uncompromising security. For users, the incident is a lesson to remain cautious, turn off leverage when there are vulnerabilities, and rely on official sources for updates.
Although DeFi offers financial freedom, it requires constant attention to ensure that it does not fall into the hands of those who would take advantage of its openness. As the crypto community awaits what GMX will do next, one thing is apparent: in the race to the future of DeFi, security should be at the forefront.