GMX Crashes 25% After $42 Million DeFi Hack

GMX suffered a major hack today, as a wallet drained roughly $42 million from its GLP liquidity provider. It’s unclear how this happened, but the team offered the attackers a 10% bounty if they returned 90% of the funds.

Hackers have already bridged around $9.6 million from Arbitrum to Ethereum using Circle’s CCTP, leading to controversy. This is GMX’s second major breach this year, and its token fell over 25% in response.

How Was GMX Hacked?

The crypto community has suffered a lot of prominent hacks lately, and it doesn’t look like the trend is slowing down. Earlier this morning, security watchdogs noticed a suspicious transaction on GMX, which now seems to be a hack.

Through unknown methods, a Tornado Cash-funded wallet managed to drain around $42 million from GMX’s liquidity provider (GLP).

GMX, the popular decentralized exchange, quickly responded to this major hack. Specifically, it disabled several user features related to trading, minting, and redeeming tokens.

The firm also encoded an on-chain message to the hackers, claiming that it would not pursue legal action if they returned 90% of the stolen funds within 48 hours. The other 10% would be a sort of bug bounty.

Additionally, GMX is investigating the exact cause of this hack, but the results are currently inconclusive. The firm claimed that the damage was isolated to the GMX V1 exchange, and that V2, markets, other liquidity pools, and the GMX token itself are working as normal.

Nonetheless, this token dropped more than 35% and has been falling since the hack took place:

GMX Price Chart. Source: CoinGecko

Unfortunately, this is GMX’s second major hack in 2025. Earlier this March, the firm lost $13 million to an attack that also caused GMX to plummet 10%. If more serious breaches like this continue, it could damage the firm’s reputation.

ZachXBT, a prominent crypto sleuth, has already pointed out another weakness in the GMX hack. He claimed that $9.6 million in stolen funds sat on the USDC blockchain for nearly two hours before the attacker used CCTP to bridge the funds to Ethereum.

He personally attempted to flag the transaction and accused Circle of negligence in failing to freeze these assets.

Other than this successful ETH bridging, the other ~$33 million remains on Arbitrum. It’s unclear if the attackers will manage to launder the remaining proceeds from the GMX hack.