Hacker Returns $40 Million Stolen from GMX

The perpetrator has returned nearly all the funds stolen from the GMX protocol, agreeing to a $5 million reward offered by the project’s team.

#PeckShieldAlert #GMX Exploiter msg: funds will be returned later pic.twitter.com/ohlOVYWSvD

— PeckShieldAlert (@PeckShieldAlert) July 11, 2025

An unknown individual withdrew assets from the GLP coin pool on GMX V1 in the Arbitrum network. The breach affected USDC, FRAX, wBTC, and wETH.

The GMX team sent an on-chain message to the hacker, offering 10% of the amount as a reward and promising not to pursue legal action if the remaining 90% was returned within 48 hours.

The hacker responded:

“Ok, funds will be returned later.”

Shortly thereafter, the hacker sent two tranches of 5.5 million FRAX and 5 million FRAX to the GMX address. Later, the exploiter returned approximately 9,000 ETH (~$27 million).

Following the incident, the native GMX token fell by 28% to $10.45. On news of the fund’s return, the price rose by 15.8%. At the time of writing, the asset is trading at $13.3.

In a report on the breach, the team confirmed that V1 on Arbitrum was affected by a reentrancy vulnerability in the OrderBook contract. This allowed the attacker to manipulate the price of Bitcoin and withdraw liquidity profitably.

Developers emphasized that the second version of the protocol was not affected. In the future, minting and redeeming GLP on the Arbitrum network will be disabled. Remaining funds will be directed to compensate users for their losses.

Back in June, the stablecoin protocol Resupply lost about $9.5 million due to a hack. The attacker exploited a vulnerability in the exchange rate calculation system.