- GMX, a prominent cross-chain decentralized exchange, suffered a significant security breach resulting in the loss of approximately $40 million in assets from its V1 platform.
- The exploit involved a sophisticated re-entrancy attack targeting the minting logic of GMX’s GLP token, leading to a drastic depletion of liquidity on the Arbitrum and Avalanche networks.
- According to COINOTAG sources, GMX has proactively offered a 10% white-hat bounty to the attacker, encouraging a swift and ethical return of the stolen funds within 48 hours to avoid legal repercussions.
GMX faces a $40 million exploit via a re-entrancy attack on its GLP token, offering a 10% white-hat bounty to recover assets and secure its decentralized exchange platform.
GMX V1 Platform Exploited in $40 Million Re-Entrancy Attack
On July 9, 2025, GMX announced a critical vulnerability in its V1 platform, which operates on Arbitrum, an Ethereum layer-2 scaling solution, and on Avalanche. The attacker exploited a flaw in the GLP token minting process, siphoning off roughly $40 million worth of digital assets, including Bitcoin, Ethereum, USDC, and USDT. This incident forced GMX to immediately disable V1 trading and suspend minting and redeeming of GLP tokens to mitigate further losses. The breach highlights the ongoing challenges decentralized exchanges face in securing smart contract logic, especially in complex liquidity pool mechanisms.
Technical Analysis of the Re-Entrancy Vulnerability and Its Impact on GLP Tokenomics
Blockchain security experts, including Suhail Kakar from TAC and PeckShield, identified the attack as a re-entrancy exploit, a method in which a contract is called back into before an earlier call has finished updating its state, allowing multiple contract calls within a single transaction to manipulate token balances. Specifically, the attacker tricked the contract into repeatedly minting GLP tokens without proper withdrawal verification, inflating token supply while draining underlying liquidity. This precision attack exploited the short average price calculation on GMX V1, a vulnerability unique to this version. The incident underscores the critical need for rigorous smart contract audits and enhanced security protocols in DeFi ecosystems.
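The call ordering behind a re-entrancy bug, as an added Python model that is not GMX's contract code and not part of the original article: a toy share pool pays out before clearing the caller's shares, next to a hardened path that updates state first and rejects re-entry. The names `Pool`, `redeem_all` and `simulate` are hypothetical, all balances are constructed, and the model does not reproduce GMX's short average price calculation.

```python
# Simplified share-pool model, constructed for illustration; not GMX's contract.
class ReentrancyError(Exception):
    """Raised when a guarded function is entered while it is already running."""

class Pool:
    def __init__(self, hardened):
        self.hardened = hardened
        self.assets = 0        # liquidity held by the pool
        self.shares = {}       # user -> shares (1 share redeems 1 asset unit)
        self._locked = False   # re-entrancy guard flag

    def mint(self, user, amount):
        self.assets += amount
        self.shares[user] = self.shares.get(user, 0) + amount

    def redeem_all(self, user, on_payout):
        if self.hardened and self._locked:
            raise ReentrancyError("redeem_all re-entered")
        amount = self.shares.get(user, 0)
        if amount == 0 or self.assets < amount:
            raise ValueError("nothing to redeem or insufficient liquidity")
        self._locked = True
        try:
            if self.hardened:
                self.shares[user] = 0   # effects before the external call
            self.assets -= amount
            on_payout(amount)           # external call: control leaves the pool
            if not self.hardened:
                self.shares[user] = 0   # too late: the callee has already run
        finally:
            self._locked = False

def simulate(hardened, depth=3):
    """Return (paid to caller, pool assets left, pool still solvent)."""
    pool = Pool(hardened)
    pool.mint("lp", 90)        # constructed honest liquidity
    pool.mint("caller", 10)    # constructed caller deposit
    received = []
    def on_payout(amount):     # receiver hook that calls back into the pool
        received.append(amount)
        if len(received) < depth:
            try:
                pool.redeem_all("caller", on_payout)
            except (ReentrancyError, ValueError):
                pass           # nested call rejected; outer call continues
    pool.redeem_all("caller", on_payout)
    solvent = pool.assets >= sum(pool.shares.values())
    return sum(received), pool.assets, solvent
```

The solvency flag (assets cover outstanding shares) is the invariant a test suite or on-chain monitor can assert after every state-changing call.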
GMX’s Response and Industry Implications for Decentralized Exchange Security
In response to the breach, GMX swiftly communicated with its community via social media channels, advising users to disable leverage trading and GLP minting temporarily. The project is collaborating with security partners to conduct a thorough postmortem and has pledged transparency throughout the investigation. Notably, GMX extended a 10% white-hat bounty—equivalent to $4 million—to the attacker, incentivizing the ethical return of stolen funds within 48 hours to avoid legal action. This approach reflects a growing trend in the crypto industry to resolve hacks through cooperative means while reinforcing the importance of proactive vulnerability management.
Broader Context: Comparing GMX’s Exploit to Previous Crypto Security Incidents
While the GMX exploit involved a sophisticated smart contract vulnerability, it differs significantly from other high-profile crypto hacks such as Bybit’s $1.4 billion loss caused by compromised developer credentials. The re-entrancy attack on GMX echoes the infamous 2016 DAO hack on Ethereum, emphasizing that despite advancements in blockchain security, fundamental smart contract risks persist. Furthermore, the attacker’s use of Tornado Cash for wallet funding highlights ongoing regulatory and compliance challenges surrounding privacy tools in the crypto space.
Conclusion
The GMX $40 million exploit serves as a stark reminder of the vulnerabilities inherent in decentralized finance platforms, particularly those involving complex token minting and liquidity mechanisms. GMX’s transparent response and the offer of a white-hat bounty demonstrate a commitment to ethical resolution and community protection. Moving forward, enhanced smart contract auditing, real-time monitoring, and collaborative security efforts will be essential to safeguarding investor assets and maintaining trust in decentralized exchanges.