GMX Exchange Rocked by $42M Hack—Token Tanks Amid Security Crisis

Another day, another crypto heist—GMX joins the hall of shame with a $42 million exploit. The decentralized exchange’s token nosedived faster than a trader’s confidence after leverage gets liquidated.

How it happened: While the team scrambles for damage control, questions swirl about protocol safeguards (or lack thereof). Smart contracts? More like smart loopholes.

The fallout: GMX holders got rekt harder than a meme coin in a bear market. Meanwhile, the hackers are probably sipping margaritas on a blockchain beach—untraceable, of course.

Silver lining? At least it wasn’t an inside job… probably. Just another reminder: In crypto, your keys aren’t the only thing that can disappear overnight.

TLDR

• GMX V1 decentralized exchange lost $42 million after hackers exploited a design flaw in its GLP liquidity pool on Arbitrum
• The exploit manipulated GLP token pricing calculations, allowing attackers to mint tokens without proper backing and drain funds
• GMX suspended all V1 trading and GLP minting on both Arbitrum and Avalanche networks to prevent further losses
• The attack did not affect GMX V2 protocol or the main GMX token, with hackers using Tornado Cash to hide their identity
• GMX offered a 10% bounty for fund return within 48 hours while the GMX token price dropped 30% following the exploit

The GMX decentralized exchange suffered a major security breach on Wednesday, with hackers draining $42 million from its V1 GLP liquidity pool on the Arbitrum network. The attack prompted the protocol to immediately halt all trading on GMX V1 and suspend GLP token minting and redemption services.

URGENT: for all GMX V1 forks, GMX V1 has been exploited.

The issue could potentially be mitigated by doing the below:

1. Disable leverage: this can be done by setting Vault.setIsLeverageEnabled(false) or, if Vault Timelock is used, by setting… https://t.co/BbcUSaXyq9

— GMX 🫐 (@GMX_IO) July 9, 2025

The targeted pool serves as the primary liquidity provider for GMX’s perpetual and spot trading on Arbitrum. The pool contained a basket of digital assets including Bitcoin, Ethereum, and various stablecoins that were drained in the attack.

Blockchain security firm SlowMist identified the exploit as stemming from a design flaw in the GLP token pricing mechanism. The vulnerability allowed hackers to manipulate the calculation of total assets under management, enabling them to mint GLP tokens without proper backing.

The attackers used this flaw to create unbacked GLP tokens and immediately swap them for legitimate assets. In a single transaction, they withdrew over $40 million worth of ETH, USDC, DAI, UNI, FRAX, USDT, WETH, and LINK tokens.

Attack Vector and Fund Movement

Blockchain analytics firms PeckShieldAlert and Arkham Intel tracked the movement of stolen funds across multiple channels. The hackers initially funded their malicious contract through Tornado Cash, a cryptocurrency mixer that helps obscure transaction origins.

After draining the pool, the attackers swapped USDC for ETH, then converted portions to DAI and other tokens. They transferred millions in FRAX, wrapped bitcoin, and wrapped ETH through various protocols.

Data from Cyvers and Lookonchain shows the attackers bridged approximately $9.6 million to ethereum through Circle’s Cross-Chain Transfer Protocol. The hacker’s wallet currently holds nearly $44 million in digital assets according to tracking services.

The GMX team confirmed that the exploit only affected the V1 protocol and its GLP pool. GMX V2, the protocol’s newer version, remained unaffected along with other liquidity pools and the main GMX token.

Protocol Response and Impact

GMX responded by freezing all leveraged trading functions on V1 and instructing users to disable leverage settings. The team also halted GLP minting and redemption on the Avalanche network as a precautionary measure.

In an attempt to recover funds, GMX offered the attackers a 10% white-hat bounty. The protocol stated it WOULD not pursue legal action if the stolen funds were returned within 48 hours of the announcement.

The market reacted negatively to the exploit news. The GMX token price dropped approximately 30% following the attack.

Audit Limitations Exposed

The exploit highlighted limitations in current decentralized finance security practices. The GMX V1 contracts had previously passed audits by Quantstamp and ABDK Consulting, yet these reviews failed to detect the specific vulnerability.

The audits missed the unique logic flaw that allowed manipulation of Leveraged position calculations. This demonstrates how security reviews often overlook protocol-specific risks that attackers later exploit.

Broader Industry Context

This attack adds to a growing list of crypto hacks in 2025, with losses reaching $2.5 billion in the first half of the year. The largest single incident was the Bybit hack in February, which resulted in approximately $1.4 billion in stolen funds.

Other recent incidents include the Iranian crypto exchange Nobitex losing over $81 million in June to a pro-Israeli hacker group called Gonjeshke Darande. The exchange was forced to temporarily pause services following the attack.

The US Treasury’s Office of Foreign Assets Control announced sanctions on Song Kum Hyok and associated North Korean hackers on Wednesday. This group had infiltrated several crypto companies and defense contractors through social engineering and cybersecurity breaches.

GMX continues investigating the exploit vector while maintaining suspended V1 operations and protecting remaining user funds on both Arbitrum and Avalanche networks.