GMX has officially finished its $44 million compensation program for GMX Liquidity Provider (GLP) holders on the Arbitrum network who were affected by the July V1 exploitation.
The protocol noted the completion of the program on August 13 through an announcement on X, bringing a close to a month-long recovery process.
Every wallet affected received full reimbursement, as well as additional incentives to encourage recipients to keep their funds returned by GMX.
The payout is one of the most significant community-driven recoveries in decentralized finance this year, on top of highlighting GMX’s dedication to protecting users, and ultimately seeking restitution following major events.
The July Exploit and Recovery Efforts Breakdown
The incident, as reported by Unocrypto on July 9th, was caused by a re-entrancy attack and vulnerability on GMX V1’s GLP pool, which allowed the exploiter to modify the short average price for Bitcoin and perform the exploit.
Upon recognition of the incident, GMX took immediate action to suspend GLP trading, minting, and redemption on both Arbitrum and Avalanche.
The exploiter negotiated with GMX and returned approximately $37.5 million to the protocol through a white-hat bounty, with the exploiter keeping roughly $5 million.
It was, however, noted that the hacker returned $10.49 million in assets, followed by $5 million in FRAX stablecoins, while an additional $32 million was swapped into Ethereum.
Although GMX’s token initially plunged 28% to $10.45, it later rebounded by 17% to $13.31 as recovery efforts progressed.
Also Read: Crypto Hacks Escalate in July as Attackers Steal $142 Million Marking a 27% Spike from June
Compensation Plan and Community Approval
According to the final plan made known to the community, and further sanctioned through a community Snapshot vote, GMX Liquidity Vault (GLV) tokens were distributed to eligible GLP token holders.
These vaults were also configured to replicate GLP’s pre-exploit composition of approximately 25% Wrapped Bitcoin, 25% Ethereum (ETH), and 50% stablecoins.
The GMX DAO also added a retention incentive of $500k for those who held their GLV tokens for three months.
The DAO also burned GLP controlled by the white-hat, representing 29% of the total supply, to restore the proportional value of remaining holders.
It also used its treasury to backfill a $2 million shortfall to make all parties whole.
Also Read: CoinDCX Employee Rahul Agarwal & An Engineer Arrested In $44M Exchange Hack
V2 Operations Remain Unaffected and Liquidity Recovers
GMX’s V2 was unaffected by the exploit; they have continued to show increasing volumes and liquidity in the months after the attack.
The DAO is developing customized recovery plans for DeFi protocols that use GLP and expect a full GLP redemption to be completed in the next 10 days.
The total value locked (TVL) dropped from $480 million to $409 million following the attack, but TVL levels have since risen above $600 million.
Also, GMX plans on pausing v1 before eventually retiring it; v2 will be GMX’s primary focus going forward.
Also Read: Crypto Hackers Exploit SuperRare Staking Contract Of $731K $RARE Tokens, Here’s All
Wider Context: Other Recent Crypto Hacks
The GMX hack is one of a few high-visibility hacks in the DeFi space this month. UnoCrypto news reported a few of such occurrences.
On August 8th, CrediX reported that it had suffered an exploit of $4.5 million due to compromised admin rights, but said that it had managed to recover the funds in less than 24 hours.
Nonetheless, the project’s sudden departure, taking its website with it and rendering its X account inactive, has led to speculation that this was an exit scam.
Also on the 13th of August, another hack involved Odin.fun’s launchpad. Here, hackers attacked a shallow liquidity pool with a pump and drain attack, resulting in 58.2 BTC stolen (worth around $7 million).
What these incidents demonstrate is that a variety of security vulnerabilities still exist in decentralized finance protocols and underline the importance of strong security measures in protocols as well as clear post-hack communications.
Also Read: Crypto Exchange BigONE Suffers Major Hack Resulting in Over $27 Million In Losses