🚨 GMX Freezes V1 Trading After $42M Exploit Drains Arbitrum Liquidity Pool

GMX just pulled the emergency brake. The decentralized trading platform halted V1 operations after a $42 million digital heist siphoned funds from its Arbitrum liquidity pool—proof that even 'trustless' systems aren't immune to old-fashioned theft.

Anatomy of a Crypto Raid

Attackers exploited a vulnerability in GMX's v1 contracts, bypassing safeguards to drain the pool. The platform's native token dipped 8% post-announcement—because nothing reassures investors like a nine-figure security failure.

DeFi's Recurring Nightmare

This isn't GMX's first rodeo. The protocol suffered a $565k oracle manipulation attack in 2022. Yet here we are, watching the same movie with a bigger budget—complete with the classic 'we're investigating' tweetstorm from the team.

The Irony of 'Immutable' Code

GMX touts non-custodial trading as the future. Too bad the future still requires human-written smart contracts—and human-error-prone developers. Meanwhile, Wall Street bankers smirk while sipping $42 million martinis.

• GMX lost $42M after a crypto hacker exploited its V1 GLP pool on Arbitrum using a logic flaw.
• The attacker swapped stolen funds into ETH, DAI, and other tokens before bridging to Ethereum.
• To recover funds without enforcing legal charges, GMX offered a 10% bounty and suspended V1 trading.

A major security breach hit the decentralized trading platform GMX on Wednesday morning, draining more than $40 million from its GLP liquidity pool. To contain further risks, the GMX team responded by halting all V1 trading and GLP minting and redemption on both Arbitrum and Avalanche networks.

The GLP pool of GMX V1 on Arbitrum has experienced an exploit. Approximately $40M in tokens has been transferred from the GLP pool to an unknown wallet.

Security has always been a core priority for GMX, with the GMX smart contracts undergoing numerous audits from top security…

This incident adds to increasing concerns over the unstable safety of decentralised financing systems particularly those that involve Leveraged trading.

GLP Pool Breach Prompts Trading Suspension

The targeted pool was the GMX V1 GLP pool that acts as the leading liquidity provider in perpetual and spot transactions on the Arbitrum network. According to GMX’s official statement, the exploit did not affect GMX’s V2 protocol, its primary GMX token, or other supported liquidity pools and trading markets.

Blockchain analytics firms PeckShieldAlert and Arkham Intel reported that the crypto hacker moved the stolen funds through several channels, swapping assets such as USDC for ETH, then to DAI, and transferring out millions in FRAX, wrapped bitcoin, and wrapped ETH. The hacker’s wallet currently holds nearly $44 million in digital assets.

The attacker reportedly used a malicious contract funded via Tornado Cash to mask their identity and route stolen funds across networks. Data from Cyvers and Lookonchain indicates that the attacker bridged about $9.6 million to ethereum through Circle’s Cross-Chain Transfer Protocol before swapping it into DAI.

GMX announced that all the leveraged trading functions on V1 are frozen, and users should change their platform settings accordingly. The team is also halting GLP minting and redemption on Avalanche to protect remaining assets and user funds. The company will continue to prioritize investigating the exploit vector and mitigating any further risk to users.

The Rise of Wrench Attacks in Crypto: The Disturbing Shift From Online Hacks to Physical Violence

GMX Offers Bounty as Token Drops 18% Post-Exploit

An initial analysis from the blockchain security firm SlowMist and other investigators indicates that the attack took advantage of a mistake in how the GLP price was calculated, which let the attacker create GLP without backing it and exchange it for many different assets. This flaw enabled the rapid withdrawal of over $40 million in ETH, USDC, fsGLP, DAI, UNI, FRAX, USDT, WETH and LINK in a single transaction.

In addition, GMX responded to the hacker by offering a 10% white-hat bounty and stated that no law enforcement action should be taken if the funds are returned within 48 hours. According to The Block Price Page GMX, the protocol’s price dropped by approximately 18% after the exploit with the GMX token falling from $14.42 to $11.78.

Crypto Hack Highlights Limitations of DeFi Audits

Although the GMX V1 contracts have passed audits by Quantstamp and ABDK Consulting, they failed to withstand this targeted exploit. The audits failed to detect the exact logic vulnerability, allowing the attacker to manipulate the protocol’s leveraged position calculations. The crypto hack illustrates a flaw in decentralized finance in which security reviews often miss unique, protocol-specific risks that are exploited later.

Furthermore, a broader trend of crypto hacks targeting crypto exchanges and DeFi platforms coincides with this hack. According to a blockchain analysis firm, Chainalysis, more than $2.5 billion was lost in the first half of 2025 alone due to crypto hacks and exploits.

Crypto Hacks Hit $2.1B in H1 2025, TRM Labs Cites Surge in State-Sponsored Crime