The decentralized exchange (DEX) GMX has fallen victim to a hacking incident, resulting in approximately $42 million in digital assets being stolen. The suspicious outflow of funds was first noticed by a researcher known as DeFi Cheetah.
GMX seems to have been exploited for ~$42M. Exploiter Address: https://t.co/lQ4vAwod7J…
It seems to be a re-entrancy attack where GLP was able to be abnormally minted.— DeFi Cheetah — e/acc (@DeFi_Cheetah) July 9, 2025
According to on-chain data, at the time of writing, the hacker is transferring assets from the L2 solution Arbitrum to Ethereum. Part of the USDC stablecoins has already been exchanged for DAI. The wallet also holds wBTC, ETH, wETH, UNI, and LINK.
Representatives of GMX have confirmed the incident. According to them, the GLP coin pool on GMX V1 in the Arbitrum network was targeted in the attack.
The GLP pool of GMX V1 on Arbitrum has experienced an exploit. Approximately $40M in tokens has been transferred from the GLP pool to an unknown wallet.
Security has always been a core priority for GMX, with the GMX smart contracts undergoing numerous audits from top security…
— GMX ? (@GMX_IO) July 9, 2025
“Trading on GMX V1, as well as the issuance and redemption of GLP, has been disabled on both Arbitrum and Avalanche to prevent further attacks and protect users from additional negative consequences,” the statement reads.
The vulnerability does not affect GMX V2, its markets, liquidity pools, or the native GMX token, the platform representatives emphasized.
Following the attack, the GMX price dropped by 17% — from $15 to $11.4, according to CoinGecko.
Back in June, the stablecoin protocol Resupply lost approximately $9.5 million due to a hack. The hacker exploited a vulnerability in the exchange rate calculation system.