In a surprise turn, the GMX exploiter has begun sending back the stolen assets to the protocol after accepting a $5 million bug bounty.
The hacker, who took more than $40 million from the V1 GLP pool on Arbitrum, agreed in an onchain message to return the funds in a white‑hat gesture. The deal came with a promise of no legal action if the assets were back within 48 hours.
Exploit and Immediate Response
Late last week, an attacker used a re‑entrancy flaw in GMX’s V1 OrderBook contract on Arbitrum. They manipulated the average short price of BTC, drove up the GLP token price, and redeemed at a profit.
Over $40 million in USDC, FRAX, WBTC, and WETH was stolen before GMX halted trading and minting on both Arbitrum and Avalanche.
To recover the funds, GMX set a 10 % bounty via an onchain proposal. The protocol pledged not to press charges if the exploiter returned the assets within two days.
On Friday, PeckShield flagged an onchain reply: “ok, funds will be returned later.” This calm reply marked the start of the recovery process.
Partial Returns Begin
Lookonchain noted that the hacker first sent back $10.49 million in $FRAX tokens. Then another 5 million $FRAX transfer appeared, totalling $15.49 million returned.
Meanwhile, roughly $32 million in other stolen coins had been swapped into 11,700 ETH. That ETH is now worth about $35 million, netting the exploiter a $3 million gain so far.
Observers are watching to see if the hacker will send back all 11,700 ETH or simply return $32 million and keep the $3 million windfall. The protocol’s plan hinges on the full recovery of the assets or at least a clear agreement on how much profit the hacker may retain.
Also Read: Whale Transitions From Short To Long On GMX Exchange, Securing $177K Profit In ETH
GMX Price Actions
News of the exploit sent GMX’s native token tumbling by 28 % to a low of $10.45. Traders panicked as the breach unfolded. But after word of the bounty deal and first returns spread, the token surged. It now trades at $13.31, a 17 % rise in the last 24 hours.
Alongside the price jump, GMX’s global market cap sits at $135.56 million. Trading volume has fallen by 39.59 % in the past day as users weigh the impact of the exploit and the recovery steps.
Technical Post‑Mortem
On Thursday, GMX published a report on the breach. It confirmed the re‑entrancy vulnerability in the OrderBook contract allowed the attacker to skew BTC pricing and mint inflated GLP tokens. The protocol noted that GMX V2 and the native token were safe throughout the incident.
As a precaution, GLP minting and redemption on Arbitrum will be disabled until further notice. GMX’s team is working with partners to track any remaining stolen funds. All recovered assets will go toward user reimbursement.
GMX has opened channels for users who held positions during the attack. Affected traders will be able to close or adjust their positions once the protocol fully restores normal operations. The team says it aims to make the impacted users whole.
Also Read: GMX and MIM Spell Contracts Suffer $12.9 Million Crypto Hack as Hacker Moves 6,262 ETH