GMX suffers $42M hack, issues 10% bounty offer to hacker

A major security incident struck the decentralized exchange GMX, siphoning approximately $42 million from its Arbitrum-based v1 perpetual platform.

In response, GMX has sent an on-chain message to the hacker offering a 10% white-hat bounty.

The platform stated that no legal action will be pursued if the remaining funds are returned within 48 hours. This move mirrors common damage control tactics used by DeFi protocols facing major exploits.

Following the attack, the platform’s token dropped 17% to a two-month low of $11.7 as of press time.

Launched in 2021, GMX is available across major blockchain networks including Solana, Avalanche, and Arbitrum.

According to official metrics, the platform has processed over $305 billion in trading volume and collected more than $435 million in fees.

The Exploit

On July 9, blockchain security firm Cyvers reported that the exploit originated from a malicious smart contract deployed by an address funded through Tornado Cash, an Ethereum-based privacy tool often used to obfuscate transactions.

According to Cyvers, the attacker targeted a range of assets, including ETH, USDC, fsGLP, DAI, UNI, FRAX, USDT, WETH, and LINK.

Blockchain data reveals that about $9.6 million has already been bridged to Ethereum’s mainnet, while the remaining funds remain on the Arbitrum network.

On-chain analysts pointed out that the attacker carried out the hack by minting GLP tokens and redeeming them for high-value digital assets, which were later converted to ETH.

Circle under fire

Meanwhile, security experts have criticized Circle, the issuer of USDC, for its slow response to the incident.

Crypto analyst Ultra pointed out that the exploiter held $30 million in USDC at one point and continued to swap other tokens into the stablecoin without being blacklisted. Even an hour after the attack, $4.3 million in USDC remained untouched in the exploiter’s wallet.

The attacker has since shifted the USDC into DAI, a decentralized stablecoin on Ethereum.

This complaint mirrors similar issues prominent investigator ZachXBT has raised about Circle’s recurring delays in freezing suspicious funds.

The post GMX suffers $42M hack, issues 10% bounty offer to hacker appeared first on CryptoSlate.