On July 9, GMX, a decentralized exchange, fell victim to a major exploit resulting in the theft of over $42 million in digital assets. The breach involved a suspicious transfer of funds to a specific wallet address, followed by a transfer back to the Ethereum mainnet from Arbitrum, a Layer 2 scaling network for Ethereum.
In a surprising twist, the attacker agreed to return the stolen funds in exchange for a $5 million bounty, a move known as a white-hat deal in the world of DeFi. This approach is used when hackers are willing to return funds after exploiting vulnerabilities, aiming to avoid prolonged investigations and reputational damage while recovering assets for affected users.
According to reports from Lookonchain, the hacker has already returned $10.49 million worth of FRAX stablecoins but converted the remaining $32 million into 11,700 ETH, which has now appreciated to $35 million, resulting in a $3 million profit. The debate now centers on whether the attacker will return all 11,700 ETH or keep the additional gain.
This incident raises questions about the enforcement of white-hat agreements and the ethical implications of attackers retaining profits earned post-exploit. While some view the return of most funds positively, others argue that walking away with millions in profit undermines the integrity of the white-hat model.
The exploit at GMX was rooted in a re-entrancy bug in its V1 contracts, which allowed the attacker to manipulate the BTC average short price through the Vault contract. The attacker first opened a large position using a flash loan, used the manipulated price to inflate the GLP price, and then profited by redeeming the inflated GLP tokens. GMX has since paused trading on Avalanche, engaged security partners, and initiated communication with the exploiter.
Moving forward, GMX has disabled minting and redemption of GLP on Arbitrum, paused GLP minting on Avalanche, and is winding down V1 positions while migrating them to a reimbursement pool for affected users. The exchange has also warned V1 forks to implement fixes and security audits to prevent similar vulnerabilities.
The incident underscores ongoing security challenges in DeFi, particularly related to large asset vaults and cross-chain functionality. The outcome of this exploit and the white-hat agreement at GMX will likely shape discussions around the role of ethical boundaries and security measures in the decentralized finance space.