GMX Offers 10% White Hat Bounty After $42M Exploit: A Call to Hackers

GMX Offers 10% White Hat Bounty After $42M Exploit: A Call to Hackers
Show Article Summary

GMX Decentralized Exchange Suffers $42 Million Exploit

Overview of the Incident

A significant security breach occurred on Wednesday at GMX, a decentralized perpetual futures exchange, resulting in the theft of approximately $42 million in cryptocurrency. The attack specifically targeted the first version of the protocol operating on the Arbitrum network.

Details of the Attack

At 1:34 PM London time, the hacker executed a transfer of assets from the GMX protocol to a different wallet. Following this, they successfully bridged around $9.6 million of the stolen assets from Arbitrum to Ethereum. In response to the breach, GMX announced via a post on X that trading activities on GMX v1, along with the minting and redeeming of GLP tokens, have been halted on both Arbitrum and Avalanche. This precautionary measure aims to mitigate further risks and safeguard users from additional losses.

Impact on GMX and Its Users

The exploit has dealt a significant blow to GMX, which manages user deposits totaling around $500 million. In the wake of the incident, the value of GMX’s token plummeted by 28%, bringing its current trading price down to $11.20. The hacker specifically targeted GMX v1, which has been operational since 2021, and among the assets taken were $10 million in Legacy Frax Dollars, $9.7 million in USDC, as well as smaller amounts of Wrapped Bitcoin and Ether.

Method of Attack

According to security experts from Cyvers, the attacker utilized funds from the privacy protocol Tornado Cash to finance their actions and deployed a malicious smart contract that drained the protocol’s resources. This is not the first instance of GMX v1 being compromised; a previous hack in September 2022 resulted in a loss of $560,000 on the Avalanche blockchain.

White Hat Bounty Offer

Approximately one hour post-attack, GMX reached out to the hacker through an on-chain message, proposing a 10% bounty for the return of the stolen assets within a 48-hour timeframe. The platform reassured its users that the v2 smart contracts remained unaffected by this exploit, emphasizing that the attack was confined to v1 and its GLP liquidity pool. Notably, GMX transitioned to v2 in 2023, which now handles the majority of trading activities, although the v1 contracts were left operational for public use.

Ongoing Risks and Future Actions

Despite the immediate measures taken, there are concerns that additional funds may still be vulnerable. Current estimates indicate that over $27 million is held within GMX v1 forks, which could also be at risk depending on the exploit’s nature. Forks are decentralized finance protocols that replicate existing open-source code, often with minor modifications or deployed on different blockchains.

GMX is collaborating with its security partners to analyze the exploit’s mechanics and plans to release a comprehensive report detailing the incident once all information has been thoroughly verified.

Zachary Rampone serves as a DeFi correspondent at DL News. For tips, reach out via email at [email protected].

Disclaimer: This article is provided for informational purposes only and does not constitute financial advice. Readers are encouraged to conduct their own research before making any investment decisions.

Ads

Leave a Comment

Your email address will not be published. Required fields are marked *

Related Posts