Cryptocurrency prospects for GMX following disclosure of 40 million dollars in theft by the team
In a significant blow to the decentralised finance (DeFi) industry, GMX, a notable player in the perpetual exchange sector, has fallen victim to a sophisticated exploit on its GMX V1 platform operating on the Arbitrum blockchain. The attack resulted in the theft of approximately $40-42 million worth of GLP tokens.
The root cause of the exploit was a vulnerability in GMX V1’s smart contracts related to how the global average price for short positions is calculated. Specifically, the flaw involved the immediate update of the global average price during short position handling, which influences the total assets under management (AUM) calculation and the GLP token price. The attacker used a reentrancy attack combined with the timelock.enableLeverage feature (triggered by a Keeper) to manipulate the short average price and artificially inflate the GLP price in a single transaction. This manipulation enabled the attacker to redeem GLP tokens at a manipulated, inflated price, profiting substantially.
The exploit had a significant impact. Approximately $40-42 million in GLP tokens were stolen and moved through multiple stages, including bridging about $9.6 million from Arbitrum to Ethereum to obfuscate the trail. The exploit was limited to GMX V1 contracts and did not affect GMX V2, the GMX token, or other liquidity pools, which handle most of the trading volume now.
In response, the GMX team disabled trading and the minting/redeeming of GLP tokens on both Arbitrum and Avalanche networks to prevent further losses. They have also worked promptly with security experts and audit firms to analyse the breach, engaged in negotiations with the exploiter, offering a 10% whitehat bounty for the return of the stolen funds, and promised no legal action if the remaining 90% of stolen funds were returned within 48 hours. GMX has committed to publishing a detailed post-mortem report once the investigation is complete.
The GMX token, which was a significant player in the DeFi industry, has seen a steep decline, with the GMX token value dropping more than 10% amid investor panic. In the last 24 hours, GMX handled transactions worth $179 million, and $6.4 billion in the last 30 days, according to DeFi Llama. However, the current bearish momentum suggests a path of least resistance pointing lower for GMX.
This incident marks another addition to the growing list of exploited platforms in 2025, following incidents at Bybit, Coinbase, Cetus Protocol, and others. As the DeFi industry continues to evolve, it is crucial for platforms to prioritise security and transparency to maintain user trust and confidence. GMX, in its response, has demonstrated a commitment to transparency and improved safeguards going forward.
- The sophisticated exploit on the GMX V1 platform, operating on the Arbitrum blockchain, has led to the theft of approximately $40-42 million worth of GLP tokens.
- The root cause of the exploit was a vulnerability in GMX V1’s smart contracts, specifically the immediate update of the global average price during short position handling.
- The attacker used a reentrancy attack combined with the timelock.enableLeverage feature to manipulate the short average price and artificially inflate the GLP price, enabling them to profit substantially.
- In response, the GMX team has disabled trading and the minting/redeeming of GLP tokens on both Arbitrum and Avalanche networks. They are working with security experts, audit firms, and in negotiations with the exploiter for the return of the stolen funds.
- The GMX token, a significant player in the DeFi industry, has seen a steep decline, with the GMX token value dropping more than 10% amid investor panic.
- As the DeFi industry continues to evolve, it is crucial for platforms like GMX to prioritize security and transparency to maintain user trust and confidence.
- This incident adds to the growing list of exploited platforms in 2025, including Bybit, Coinbase, Cetus Protocol, and others, emphasizing the need for robust security measures in the crypto and blockchain finance industry.
