Decentralized Exchange GMX Suffers Another Hack, $42M Lost

Decentralized exchange GMX has experienced another major breach, resulting in the loss of approximately $40 million in tokens, which were drained to an unknown wallet. On-chain security firm PeckShield was among the first to notify the public about the exploit.

GMX is a multichain platform initially launched on Arbitrum (an Ethereum layer-2 network). It has since expanded to Avalanche and Solana, supporting trading, liquidity provision, and yield across these chains. Moreover, GMX is pursuing further expansion to additional networks, including Base and BNB Chain, via integrations with LayerZero interoperability infrastructure.

GMX Suffers $42M Exploit

Notably, the specifics of how the theft was executed have not been disclosed. Nonetheless, the attacker targeted only its V1 smart contracts, which underpin the GLP pool, used by liquidity providers to support perpetual and spot trading. The stolen assets, approximately $32 million in Arbitrum and $9.5 million in Ethereum, were moved to the attacker’s wallet.

The GMX token has seen a notable decline following the hack of its V1 GLP pool. After earlier trading near $14, it has dropped to around $11.34, reflecting a nearly 20% decline from pre-hack levels. The significant pullback suggests investors are reacting strongly to the incident, despite GMX’s assurance that its V2 platform and token remain secure.

According to onchain data, GMX has offered a 10% white-hat bounty to the hacker if the stolen assets are returned. The attacker has only 48 hours to respond, or the team will begin exploring other options to recover the asset legally.

GMX Team Assures Users

GMX reacted immediately by suspending trading and GLP minting and redemption on both Arbitrum and Avalanche to prevent further damage. The team confirmed the issue only affected V1, and that V2 contracts, markets, and the GMX token remain secure.

It further assured users that the core development team and top-tier security partners are now investigating the breach in detail, aiming to identify the root cause of the vulnerability and recover any lost funds. The team pledged that a comprehensive incident report will follow once analysis is complete.

Involved in Two Other Exploits

Aside from this recent hack, GMX has weathered other security incidents. In September 2022, an exploiter took advantage of GMX’s zero-slippage mechanism in the AVAX/USD market. The attacker executed large trades at unchanged oracle prices,  arbitraged on centralized exchanges, and netted approximately $565,000.

In March 2025, a sophisticated flash-loan attack targeted Abracadabra.Money. It exploited vulnerabilities in its cauldrons that used GMX V2 liquidity tokens as collateral. The attacker stole approximately 6,260 ETH ($13 million) by exploiting a vulnerability in liquidation logic within a single transaction.

Meanwhile, GMX’s recent hack follows ResupplyFi’s $9.6 million exploit of last month. An attacker manipulated the price of its synthetic token, cvcrvUSD, to trigger a zero-exchange-rate bug in the wstUSR vault. The attacker was able to breach the collateral system and borrowed nearly $10 million in reUSD against almost no collateral.

The post Decentralized Exchange GMX Suffers Another Hack, $42M Lost appeared first on Cointab.