$42M Stolen in GMX V1 Exploit as Exchange Shuts Down Trading

Decentralized derivatives exchange GMX has confirmed a $42 million exploit targeting its GMX V1 GLP pool on Arbitrum, prompting a temporary shutdown of trading and a white-hat bounty offer to the attacker.

$42 Million Drained From GMX V1 GLP Pool

In a significant security incident, an attacker has drained approximately $42 million from its GMX V1 GLP liquidity pool. The exploit, which occurred early Wednesday, prompted the exchange to halt trading and disable minting and redemption of GLP tokens on both the Arbitrum and Avalanche networks as a precautionary measure.

According to an official statement, the attack impacted only GMX V1 and its GLP pool. The platform confirmed that its GMX V2 markets, liquidity pools, and native GMX token remained unaffected by the breach.

Exploit Method and On-Chain Activity

Initial on-chain analysis revealed that the attacker systematically drained funds from the GLP pool, converting assets from USDC to ETH and subsequently to DAI. Additional assets stolen included millions worth of FRAX, wrapped Bitcoin (WBTC), wrapped Ether (WETH), and other cryptocurrencies.

Blockchain security firm PeckShieldAlert highlighted a message sent to the attacker via an on-chain transaction, offering a 10% bounty for the safe return of the stolen funds. GMX further stated that no legal action would be pursued if the assets were returned within 48 hours. Data from Arkham Intelligence indicated that a wallet linked to the hacker currently holds nearly $44 million in digital assets.

Vulnerability Linked to Design Flaw

Cybersecurity firm SlowMist later identified a critical design flaw in GMX V1 as the root cause of the exploit. According to their analysis, the issue stems from how GMX V1 handles short position operations. Specifically, the system’s architecture allowed the immediate update of global short average prices, creating an opportunity for price manipulation and enabling the attacker to systematically drain liquidity.

On an X post, SlowMist claimed,

“The root cause of this attack stems from GMX V1's design flaw where short position operations immediately update the global short average prices.” 

Emergency Measures and Community Response

In response to the incident, GMX suspended GLP-related functionalities across Arbitrum and Avalanche to prevent further exploits. Platform users were advised to disable leverage and adjust their settings to halt GLP minting temporarily.

The team reiterated that GMX V2 remains fully operational and secure, with no vulnerabilities detected in its updated infrastructure. Industry observers noted the swift action taken by GMX in mitigating the situation, though concerns over the lasting impact on user trust and decentralized finance security remain.

As of the latest updates, no public response has been recorded from the attacker. The crypto community continues to monitor the wallet activity closely, while GMX and its partners investigate the breach and assess long-term protocol adjustments.

Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice