Crypto Redemption: Hacker Returns $42 Million Stolen in GMX Exploit—Bullish for DeFi?

In a plot twist even Hollywood wouldn’t dare script, the anonymous hacker behind the $42 million GMX exploit just pulled a 180—returning every last digital cent. Was it guilt, a white-hat awakening, or just smart PR? DeFi’s wild west just got a dose of karma.

How the Heist Unraveled

The attacker exploited a price oracle loophole—draining funds faster than a Vegas high roller. GMX’s team scrambled, exchanges froze assets, and the crypto community braced for another ‘rug pull’ narrative. Then… radio silence.

The Unexpected U-Turn

Three days later, the funds reappeared in GMX’s wallet—no ransom, no demands. Speculation erupted: Was this a moral crisis mid-heist? Or a hacker realizing $42 million in ill-gotten gains looks terrible on a future Coinbase job application?

DeFi’s Trust Paradox

While centralized exchanges play compliance theater, this saga proves decentralized finance’s transparency cuts both ways. You can steal—but you can’t hide. (Take notes, Wall Street.)

Bullish Side Effect: GMX’s native token spiked 18% post-return—because nothing pumps a project like a hacker-turned-unofficial-QA-tester.

Crypto Hacker Takes $42 Million From GMX

On Friday, the recent GMX V1 exploit ended on a happy note after the individual responsible for the incident turned into a white-hat hacker. Perpetual and spot crypto exchange GMX lost over $40 million on Wednesday when an attacker exploited a vulnerability in the protocol’s first version on Arbitrum.

According to online reports, GMX V1’s vault contract had a vulnerability that allowed the attacker to manipulate the GLP token price through the system’s calculations.

Blockchain security firm SlowMist explained that “The root cause of this attack stems from GMX v1’s design flaw, where short position operations immediately update the global short average prices (globalShortAveragePrices), which directly impacts the calculation of Assets Under Management (AUM), thereby allowing manipulation of GLP token pricing.”

Through a reentrancy attack, they successfully established massive short positions to manipulate the global average prices, artificially inflating GLP prices within a single transaction and profiting through redemption operations.

As a result, approximately $42 million worth of assets, including Legacy Frax Dollar (FRAX), Wrapped Bitcoin (WBTC), wrapped ETH (WETH), and other tokens, were transferred from the GLP pool to an unknown wallet.

The perpetual crypto exchange halted GMX V1’s trading and GLP’s minting and redeeming on both Arbitrum and Avalanche to prevent another attack and protect users’ funds. However, they clarified that the exploit was limited to GMX’s V1 and its GLP pool. GMX V2, its markets, or liquidity pools, and the GMX token were not affected and remained safe.

White-Hat Claims $5 Million Bounty

Following the incident, GMX sent a message on-chain and on X offering a $5 million white-hat bounty to the attacker, claiming that their abilities were “evident to anyone looking into the exploit transactions.”

GMX’s team noted that returning the funds within the next 48 hours and accepting the bounty WOULD allow the hacker to “spend the funds freely,” instead of taking additional risks to access them. They also vowed not to pursue any legal action and to assist the exploiter in providing proof of source for the funds if it is ever required.

Today, the exploiter responded in an on-chain message, accepting the bounty and starting the return process. As Lookonchain reported, they initially returned $10.49 million worth of FRAX on Friday morning.

Meanwhile, another $32 million worth of assets had been swapped into 11,700 ETH, which are now valued at $35 million after the King of Altcoins’ price jumped to the $2,990 mark.

In the following hours, the hacker returned 10,000 ETH, worth $30 million, keeping only 1,700 ETH, valued at $5.2 million, as the bounty.

GMX later confirmed that the funds have now been safely returned and thanked the white-hat hacker for their actions, ultimately giving a positive turn to the incident.

Lastly, they informed users that “contributors are working on a proposed distribution plan for presentation to the GMX DAO and will share more information shortly.”