- GMX lost $42M after a crypto hacker exploited its V1 GLP pool on Arbitrum using a logic flaw.
- The attacker swapped stolen funds into ETH, DAI, and other tokens before bridging to Ethereum.
- To recover funds without enforcing legal charges, GMX offered a 10% bounty and suspended V1 trading.
A major security breach hit the decentralized trading platform GMX on Wednesday morning, draining more than $40 million from its GLP liquidity pool. To contain further risks, the GMX team responded by halting all V1 trading and GLP minting and redemption on both Arbitrum and Avalanche networks.
This incident adds to increasing concerns over the unstable safety of decentralised financing systems particularly those that involve leveraged trading.
GLP Pool Breach Prompts Trading Suspension
The targeted pool was the GMX V1 GLP pool that acts as the leading liquidity provider in perpetual and spot transactions on the Arbitrum network. According to GMX’s official statement, the exploit did not affect GMX’s V2 protocol, its primary GMX token, or other supported liquidity pools and trading markets.
Blockchain analytics firms PeckShieldAlert and Arkham Intel reported that the crypto hacker moved the stolen funds through several channels, swapping assets such as USDC for ETH, then to DAI, and transferring out millions in FRAX, wrapped bitcoin, and wrapped ETH. The hacker’s wallet currently holds nearly $44 million in digital assets.
The attacker reportedly used a malicious contract funded via Tornado Cash to mask their identity and route stolen funds across networks. Data from Cyvers and Lookonchain indicates that the attacker bridged about $9.6 million to Ethereum through Circle’s Cross-Chain Transfer Protocol before swapping it into DAI.
GMX announced that all the leveraged trading functions on V1 are frozen, and users should change their platform settings accordingly. The team is also halting GLP minting and redemption on Avalanche to protect remaining assets and user funds. The company will continue to prioritize investigating the exploit vector and mitigating any further risk to users.
Also Read | The Rise of Wrench Attacks in Crypto: The Disturbing Shift From Online Hacks to Physical Violence
GMX Offers Bounty as Token Drops 18% Post-Exploit
An initial analysis from the blockchain security firm SlowMist and other investigators indicates that the attack took advantage of a mistake in how the GLP price was calculated, which let the attacker create GLP without backing it and exchange it for many different assets. This flaw enabled the rapid withdrawal of over $40 million in ETH, USDC, fsGLP, DAI, UNI, FRAX, USDT, WETH and LINK in a single transaction.
In addition, GMX responded to the hacker by offering a 10% white-hat bounty and stated that no law enforcement action should be taken if the funds are returned within 48 hours. According to The Block Price Page GMX, the protocol’s price dropped by approximately 18% after the exploit with the GMX token falling from $14.42 to $11.78.
Crypto Hack Highlights Limitations of DeFi Audits
Although the GMX V1 contracts have passed audits by Quantstamp and ABDK Consulting, they failed to withstand this targeted exploit. The audits failed to detect the exact logic vulnerability, allowing the attacker to manipulate the protocol’s leveraged position calculations. The crypto hack illustrates a flaw in decentralized finance in which security reviews often miss unique, protocol-specific risks that are exploited later.
Furthermore, a broader trend of crypto hacks targeting crypto exchanges and DeFi platforms coincides with this hack. According to a blockchain analysis firm, Chainalysis, more than $2.5 billion was lost in the first half of 2025 alone due to crypto hacks and exploits.
Also Read | Crypto Hacks Hit $2.1B in H1 2025, TRM Labs Cites Surge in State-Sponsored Crime