GMX Hacker Converts Stolen Loot into 11,700 ETH

Bitget App

Trade smarter

Bitget

News

Cryptopotato2025/07/09 16:00

By:Author: Wayne Jones

A re-entrancy exploit let the GMX hacker manipulate GLP token prices, leading to $42M in losses now mostly converted to ETH.

On July 9, the decentralized trading platform GMX suffered a major exploit, leading to the loss of $42 million in assorted cryptocurrencies.

Now, on-chain data shows that the hacker has changed most of the stolen funds into 11,700 ETH.

The GMX Hack

The Wednesday incident saw the attacker stealing over $10 million worth of legacy Frax Dollar (FRAX), $9.6 million in wrapped Bitcoin (wBTC), and about $5 million in DAI stablecoin.

Following the breach, $9.6 million of the funds were bridged to the Ethereum blockchain and exchanged into DAI and ETH, with a further $32 million remaining on Arbitrum.

GMX confirmed the theft in a post on X:

“The GLP pool of GMX V1 on Arbitrum has experienced an exploit. Approximately $40M in tokens has been transferred from the GLP pool to an unknown wallet.”

However, according to blockchain analytics platform Lookonchain, the bad actor has now exchanged all the stolen assets, except FRAX, into 11,700 ETH, which they then sent to four new wallets.

The protocol had earlier clarified that GMX V2, its markets, liquidity pools, and the GMX token were not affected. It also announced a temporary pause on GLP token minting and redemption on both Arbitrum and Avalanche to prevent further impact and secure funds. Its users were later told to disable leverage and update their settings to block further GLP minting.

Additionally, GMX sent an on-chain message to the hacker, offering a white-hat bounty worth $4.2 million. The proposal also promised there would be no legal consequences if the culprit returned the remaining 90% within 48 hours. So far, they have not responded.

A Re-Entrancy Exploit

A full postmortem report has not yet been released. However, blockchain security firm SlowMist has attributed the breach to a design flaw in GMX V1. The vulnerability enabled the exploiter to manipulate the GLP token price by interfering with the system’s calculation of total assets under management.

SlowMist explained that they used a function that enables leverage during order execution and performed a re-entrancy attack. These allow repeated calls within one function, causing a smart contract to calculate the wrong balance.

By opening large short positions in a single transaction, the criminal was able to manipulate the global price data. This action artificially inflated the GLP token price and profit through redemption.

Hacks and cybersecurity attacks remain a major challenge in the crypto industry. A recent CertiK report revealed that over $801.3 million was lost across 144 incidents in Q2 2025. Phishing was the most damaging, with $395 million stolen in 52 exploits. Code vulnerabilities followed closely, causing $235.8 million in losses across 47 cases.

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Earn new token airdrops

Lock your assets and earn 10%+ APR

Lock now!

1. **Challenges in the Creator Economy**: Web2 content platforms suffer from issues such as opaque algorithms, non-transparent distribution, unclear commission rates, and high costs for fan migration, making it difficult for creators to control their own data and earnings. 2. **Integration of AI and Web3**: The development of AI technology, especially AI Avatar technology, combined with Web3's exploration of the creator economy, offers new solutions aimed at breaking the control of centralized platforms and reconstructing content production and value distribution. 3. **Positioning of the TwinX Platform**: TwinX is an AI-driven Web3 short video social platform that aims to reconstruct content, interaction, and value distribution through AI avatars, immersive interactions, and a decentralized value system, enabling creators to own their data and income. 4. **Core Features of TwinX**: These include AI avatar technology, which allows creators to generate a learnable, configurable, and sustainably operable "second persona", as well as a closed-loop commercialization pathway that integrates content creation, interaction, and monetization. 5. **Web3 Characteristics**: TwinX embodies the assetization and co-governance features of Web3. It utilizes blockchain to confirm and record interactive behaviors, turning user activities into traceable assets, and enables participants to engage in platform governance through tokens, thus integrating the creator economy with community governance.

BlockBeats•2025/11/22 11:23

Empowered by AI Avatars, How Does TwinX Create Immersive Interaction and a Value Closed Loop?

Aster CEO explains in detail the vision of Aster privacy L1 chain, reshaping the decentralized trading experience

Aster is set to launch a privacy-focused Layer 1 (L1) public chain, along with detailed plans for token empowerment, global market expansion, and liquidity strategies.

BlockBeats•2025/11/22 11:22