GMX was hit by a $40 million hack through a critical vulnerability in its GLP V1 pool, affecting tokens like USDC, FRAX, and WBTC.
The team quickly offered the hacker a $5 million reward for returning the funds, an approach inspired by white-hat hacking.
After an initial 28% drop, the GMX token rebounded by 14% upon the announcement of partial fund returns.
A 40-million hack, a rapid response
Last Wednesday, GMX, one of the most popular decentralized perpetual trading platforms on Arbitrum, was hit by a significant exploit. The protocol saw over $40 million vanish, siphoned from its GLP V1 liquidity pool. The culprit: a critical flaw that allowed the hacker to steal a variety of tokens, including USDC, FRAX, WBTC, and WETH.
The GMX team immediately took emergency measures: halting V1 trading and freezing GLP creation on Arbitrum and Avalanche. The goal was to contain the breach and prevent further escalation. However, faced with the magnitude of the theft, the platform also made a risky but rewarding move.
GMX's shock offer: 5 million for a return
Instead of embarking on an uncertain legal pursuit, GMX sent an on-chain message to the hacker, offering a $5 million reward in exchange for the funds' return, with no legal action if the money came back within 48 hours. The offer is in line with the principles of 'white-hat hacking', where vulnerabilities are disclosed without malicious intent.
On Friday, the hacker responded, simply stating: 'ok, funds will be returned later'. A few hours later, the first transfers were detected: 5.5 million FRAX, followed by an additional 5 million, sent directly to the GMX deployer. The gesture seems to validate the agreement, although not all the stolen funds have been returned at the time of writing.
The market reacts… violently
Following the attack, the GMX token plummeted by 28%, hitting a low of $10.45. But the announcement of the partial fund return immediately revived the market: +14% in a single day, with a return to $13.6.
This rebound underscores the key role of community trust in the DeFi space. A simple signal of compromise can reverse a negative spiral. However, vigilance remains essential.
What now?
This type of incident is a stark reminder that even reputable platforms are not immune. GMX V2 and the native token were untouched, but the protocol's image of resilience takes a hit. In the medium term, it will be crucial to observe whether the project strengthens its architecture or revises its bug bounty practices.
One question remains: will the hacker return the full $40 million? And more importantly, will the community forgive as swiftly as the market?