On July 9, 2025, GMX, a decentralized perpetual exchange, experienced a significant security breach that led to the halting of trading on GMX V1 and the suspension of GLP token minting. The exploit resulted in a loss of approximately $42 million in crypto assets from its GLP (GMX Liquidity Provider) pool on the Arbitrum network. The attacker(s) successfully transferred the funds to an unknown wallet.
Vulnerability and Response
The breach specifically targeted the GLP pool of GMX V1 on the Arbitrum network. Initial reports suggest the exploit stemmed from a flaw in the smart contract's validation checks, which allowed the attacker to bypass security measures and make unauthorized withdrawals. Blockchain security company SlowMist attributed the exploit to a design flaw that allowed hackers to manipulate the GLP token price through the calculation of the total assets under management.
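A simplified model of the mechanism SlowMist describes, added here as an illustration and not GMX's contract code: when the LP token price is derived from assets under management, a shift in the AUM figure changes what a redemption pays out, and a bound on intra-transaction price movement rejects it. The `Pool` class, the `pnl_adjustment` term, the 50 bps bound and all figures are assumptions constructed for the example.

```python
from dataclasses import dataclass
from fractions import Fraction


class PriceGuardError(Exception):
    """Raised when the share price moves too far inside one transaction."""


@dataclass
class Pool:
    holdings: int            # USD value of tokens the pool actually holds (constructed)
    pnl_adjustment: int      # hypothetical accounting term folded into AUM
    supply: int              # LP tokens outstanding
    max_dev_bps: int = 50    # assumed bound on intra-transaction price movement

    def aum(self) -> int:
        return self.holdings + self.pnl_adjustment

    def price(self) -> Fraction:
        # LP token price is derived from AUM, so anything that moves AUM moves it.
        return Fraction(self.aum(), self.supply)

    def redeem(self, lp_amount: int, start_price: Fraction, guarded: bool) -> int:
        price = self.price()
        if guarded:
            dev_bps = abs(price - start_price) / start_price * 10_000
            if dev_bps > self.max_dev_bps:
                raise PriceGuardError(f"price moved {float(dev_bps):.0f} bps in one transaction")
        payout = min(int(lp_amount * price), self.holdings)
        self.holdings -= payout
        self.supply -= lp_amount
        return payout


def scenario(aum_shift: int, guarded: bool) -> int:
    """Redeem 100,000 LP tokens after AUM shifts by `aum_shift` mid-transaction."""
    pool = Pool(holdings=1_000_000, pnl_adjustment=0, supply=1_000_000)
    start_price = pool.price()          # snapshot taken when the transaction begins
    pool.pnl_adjustment += aum_shift    # AUM changes without any tokens arriving
    return pool.redeem(100_000, start_price, guarded)


if __name__ == "__main__":
    print("fair redemption:", scenario(0, guarded=False))
    print("inflated AUM:   ", scenario(4_000_000, guarded=False))
    try:
        scenario(4_000_000, guarded=True)
    except PriceGuardError as exc:
        print("guarded redemption rejected:", exc)
```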
In response to the attack, GMX has taken immediate steps to mitigate further damage. Trading on GMX V1 has been disabled, and the minting and redemption of GLP tokens on both Arbitrum and the layer-1 Avalanche network have been temporarily suspended. These measures aim to prevent any additional fallout from the exploit. GMX has also advised projects forking GMX V1 to disable leverage and limit token minting to mitigate risks.
The GMX team has reached out to the hacker, offering a 10% "white-hat" bounty, equivalent to approximately $4.2 million, in exchange for the return of the remaining stolen assets. The message, sent via an on-chain transaction to the attacker's wallet, stated that GMX will not pursue legal action if the funds are returned within 48 hours.
Impact and Investigation
The exploit has raised concerns about security in the DeFi sector. The GMX token (GMX) experienced a sharp price drop following the initial reports, reflecting market uncertainty. The price fell to as low as $12.51.
GMX's core contributors and security partners are actively investigating the exploit to identify the root cause and implement necessary fixes. A detailed incident report is expected to be released upon completion of the investigation. Users are advised to monitor official GMX channels for updates and follow recommended security practices to safeguard their assets.
Unaffected Components
The GMX team has emphasized that the exploit does not affect GMX V2, its markets, or liquidity pools, nor does it impact the GMX token itself. According to the GMX team, the vulnerability is limited to GMX V1 and its GLP pool.
Fund Recovery Efforts
Following the exploit, the attacker moved funds in several stages. They drained liquidity from the pool in USDC stablecoins, then swapped the USDC into ETH before converting a portion of that to the DAI stablecoin. Significant amounts of FRAX, wrapped bitcoin (WBTC), wrapped ether (WETH), and other tokens were also extracted. These transactions were executed across various chains and included complex swaps designed to mask the movement of the funds. Blockchain detective ZachXBT has criticized Circle for not freezing the 9 million USDC stolen from GMX V1, noting they were bridged from Arbitrum to Ethereum.
Currently, the wallet associated with the exploit holds nearly $44 million. The GMX team is closely monitoring for any further on-chain movements by the exploiter.