A significant security breach has hit the decentralized exchange GMX, resulting in the theft of around $42 million from its Arbitrum-based v1 perpetual platform. In response to the incident, GMX has reached out to the hacker with an on-chain message offering a 10% white-hat bounty. The platform has also stated that no legal action will be taken if the remaining funds are returned within 48 hours, a common strategy employed by DeFi protocols in the face of such exploits.
Following the attack, the platform’s native token dropped 17%, reaching a two-month low of $11.7 at the time of writing. Launched in 2021, GMX operates on various blockchain networks including Solana, Avalanche, and Arbitrum. It boasts over $305 billion in processed trading volume and more than $435 million in fees generated.
The exploit, which took place on July 9, was traced back to a malicious smart contract deployed by an address funded through Tornado Cash, an Ethereum-based privacy tool often used to conceal transactions. The attacker targeted a variety of assets including ETH, USDC, fsGLP, DAI, UNI, FRAX, USDT, WETH, and LINK. While approximately $9.6 million has been moved to Ethereum’s mainnet, the remaining funds are still on the Arbitrum network.
Analysts have observed that the attacker carried out the exploit by minting GLP tokens and exchanging them for high-value digital assets, which were subsequently converted to ETH.
In the aftermath of the attack, security experts have criticized Circle, the issuer of USDC, for its delayed response to the incident. The exploiter held $30 million in USDC at one point and continued to convert other tokens into the stablecoin without being blacklisted. Even an hour after the attack, $4.3 million in USDC remained untouched in the exploiter’s wallet. The attacker has since moved the USDC into DAI, a decentralized stablecoin on Ethereum.
This criticism echoes concerns raised by investigator ZachXBT regarding Circle’s recurring delays in freezing suspicious funds.
As the DeFi space continues to evolve, security incidents like the one at GMX serve as a reminder of the importance of robust security measures and proactive responses to potential threats. The community will be closely watching how GMX and other platforms address and recover from such breaches.