On July 9, decentralized perpetual and spot exchange GMX confirmed a critical exploit that drained over $42 million from its V1 GLP pool on the Arbitrum network.
The attack, which took place in a single, well-executed transaction, exploited vulnerabilities in the GLP vault mechanism, allowing the attacker to siphon off a large amount of crypto assets.
In response, GMX halted trading and froze all minting and redeeming functions for GLP tokens on both Arbitrum and Avalanche networks.
Importantly, the breach was isolated to GMX V1, GMX V2, the platform’s token, and its broader trading ecosystem were not affected.
Still, the hack represents a massive blow to the credibility and perceived safety of one of DeFi’s most established platforms.
How the GMX Exploit Was Executed Despite Multiple Audits
Initial findings suggest that the attacker manipulated GMX’s leverage function by artificially inflating their position and minting excessive GLP tokens without proper collateral.
These tokens were then redeemed for real assets from the GLP pool, leaving it short by over $40 million within minutes.
Despite having undergone audits by Quantstamp and ABDK Consulting, which checked for common issues like reentrancy and access control, the protocol failed to detect the specific logic flaw in its leverage mechanism.
The development underlines a recurring problem in DeFi: traditional audits often miss nuanced, protocol-specific vulnerabilities, especially those related to economic manipulation rather than technical bugs.
Also Read: Crypto Hack Losses Surge 1,163% In April To $364M After Total Hack Value Reaches $11.35B
Hacker Used Tornado Cash, Bridged Funds Across Chains
Post-attack analysis by security platforms such as Cyvers and Lookonchain revealed that the attacker routed stolen funds through Tornado Cash, an on-chain privacy tool, to obscure their trail.
Approximately $9.6 million was then bridged from Arbitrum to Ethereum using Circle’s Cross-Chain Transfer Protocol.
The hacker quickly converted a portion of the funds into DAI stablecoins, signaling preparation for laundering or liquidation.
The stolen assets spanned a diverse range of tokens, including ETH, USDC, fsGLP, DAI, UNI, FRAX, USDT, WETH, and LINK, indicating a multi-asset, cross-protocol exploit that hit both native and synthetic crypto assets.
Also Read: Tether Freezes 3 Wallet Addresses Holding Total of 870,000 USDT Possibly Due To Crypto Hack
Auditing Limitations and the Growing Security Crisis in DeFi
The GMX breach raises urgent concerns about the effectiveness of current DeFi auditing practices.
While the platform had taken precautions, including a $5 million bug bounty program and ongoing monitoring by Guardian Audits, none of the safeguards prevented this highly damaging exploit.
The recent update reflects a broader issue in the decentralized finance ecosystem, where even well-audited projects with advanced safety measures remain vulnerable.
The incident has triggered renewed calls for more rigorous, simulation-based auditing frameworks that go beyond static code review and test for economic game theory exploits.
Also Read: Phantom Faces Lawsuit After Alleged Wallet Vulnerability Results In $500,000 Crypto Hack
A String of Hacks Signals DeFi’s Widening Attack Surface
The GMX exploit is just one in a troubling series of DeFi hacks making headlines in recent weeks.
Venus Protocol on BNB Chain suffered a $2 million loss due to a smart contract exploit involving MEV bots and inadequate permission controls.
Meanwhile in the early part of June, Alex Protocol lost $8.3 million in a separate liquidity pool exploit but has responded with a reimbursement program for affected users.
Additionally in May, a potential $12 million breach was reported involving Cork Protocol, suggesting the attacker may still be active.
These incidents collectively highlight a widening attack surface in DeFi, where rapid innovation continues to outpace security, leaving billions at risk across interconnected blockchain ecosystems.