GMX Dangles $4.2M Bounty Following Crippling $42M Exploit—White Hats Wanted

Published: 2025-07-09 18:02:14

GMX Offers $4.2M Reward After Devastating $42M Hack

GMX just turned its security disaster into a hacker recruitment drive.

The decentralized trading platform—still reeling from a $42M exploit—is now offering a $4.2M reward for information leading to the attackers. Talk about a 10% consolation prize.

White hats, assemble

This isn't your typical bug bounty. GMX's offering represents one of DeFi's heftiest payouts for exploit intelligence—a desperate pivot after failing to prevent the breach in the first place.

The math stings: losing $42M means GMX could've paid this bounty 10 times over and still broken even. But in crypto, we call that 'risk management innovation.'

Will the gambit work? Either way, it's cheaper than hiring actual auditors.

TLDR

  • $42M Drained from GMX V1 GLP Pool in Major Arbitrum Exploit, Trading Halted

  • GMX Offers $4.2M Bounty to Hacker After Massive GLP Smart Contract Breach

  • Critical GMX V1 Exploit Hits Arbitrum, GLP Operations Paused Across Chains

  • Hacker Steals $42M via Re-Entrancy Exploit, GMX Moves to Contain Fallout

  • GMX V1 Breach Spurs $4.2M Bounty, Security Steps Urged for Forked Protocols

A critical exploit hit GMX on July 9, targeting the GLP pool in GMX V1 on Arbitrum, draining $42 million. The team confirmed that trading, minting, and redeeming for GLP on both Arbitrum and Avalanche has been disabled. The GMX token and GMX V2 remain unaffected by this vulnerability.

The attacker drained liquidity in several tokens including USDC, ETH, FRAX, WBTC, and WETH. According to blockchain security firm PeckShield, the hacker bridged around $9.6 million to Ethereum. The exploit triggered a sharp reaction in the market and prompted rapid action by the GMX Core team.

GMX exploiter moves $5.3M in ETH, swaps $9M USDC for DAI

According to @PeckShieldAlert on X, the $GMX Exploiter 2 address transferred 2,000 $ETH (~$5.3 million) to a new wallet on Arbitrum $ARB. The same entity also swapped approximately $9 million $USDC for DAI on Ethereum.

— CoinNess Global (@CoinnessGL) July 9, 2025

As a direct response, GMX issued an on-chain message to the exploiter, proposing a white-hat bounty worth 10% of the stolen funds. The proposal offers the hacker $4.2 million with no legal consequences if they return the remaining 90% within 48 hours. This move aims to recover funds swiftly and minimize user losses across the GMX ecosystem.

GLP Liquidity Pool Targeted in Smart Contract Exploit

The attacker reportedly used a complex method possibly involving a re-entrancy exploit to mint abnormal amounts of GLP. The manipulated liquidity withdrawals were conducted in multiple transactions across different chains. PeckShield’s on-chain analysis shows that the funds were moved through strategic token swaps to obscure the trail.

.@GMX_IO has been exploited for ~$42M. The exploiter has bridged ~$9.6M worth of cryptos to #Ethereum. pic.twitter.com/SKTC1ubVEI

— PeckShield Inc. (@peckshield) July 9, 2025

Following the breach, GMX confirmed the vulnerability only impacts GMX V1 and its GLP pool, while GMX V2 and the GMX token remain secure. Trading functions for GLP have been paused as a precaution on all active chains. The protocol’s developers and security partners are continuing their investigation into the cause.

To prevent further damage, GMX advised all forks of GMX V1 to take immediate action. The recommended steps include disabling leverage via Vault.setIsLeverageEnabled(false) and capping minting with setTokenConfig. The temporary cap should be set to “1” instead of “0” to enforce restrictions without disabling functionality entirely.

Hacker Transfers and Exchange Reactions

The attacker swapped a large amount of the stolen USDC to ETH and later converted it into DAI. Multiple wallets tied to the exploit still hold substantial sums of ETH and Arbitrum-based tokens. PeckShield tracked more than $32 million on Arbitrum and $9.5 million on Ethereum under the hacker’s control.

South Korean exchange Bithumb has suspended all deposits and withdrawals for GMX. This pause will continue until GMX restores full operational security. The GMX team has not yet released a detailed postmortem but has assured that a full incident report is underway.

Bithumb suspends $GMX deposits and withdrawals amid security concerns

South Korean cryptocurrency exchange @BithumbOfficial has temporarily suspended deposits and withdrawals for GMX following security concerns. The suspension will remain in effect until network stability is…

— CoinNess Global (@CoinnessGL) July 9, 2025

The GMX exploit has put immediate pressure on the platform’s roadmap and highlighted risks in older contract architectures. Despite this setback, the team is focused on recovery, transparency, and user protection. Their proactive bounty offer is a strategic attempt to encourage cooperation from the attacker and safeguard remaining assets.

 
