- The GMX hacker has returned stolen funds and taken $5 million as a bounty
- They exploited a vulnerability in GMX’s code and siphoned $40 million
- The attacker sent the $5 million bounty to coin-mixing platform Tornado Cash
The GMX hacker has returned the $40 million he had siphoned from the decentralized exchange on July 9 and taken $5 million as a bounty. GMX acknowledged that the stolen funds “are now safely in [its] safety multisig” and added that it’s working on a distribution plan to present to the GMX DAO. GMX had reached out to the attacker via an on-chain message and offered a white-hat bug bounty, noting that returning the loot may help him “exhaust the funds freely.”
GMX Treasury To Pay the Hacker
The DEX said that the $5 million bounty will most likely be covered by the platform’s treasury funds allocated for bug bounties, thereby compensating all affected users. GMX informed the attacker that it may be difficult to use the funds if he chose to keep the entire loot, noting that he would need to take “additional dangers to acquire entry to them.”
Posting this message in hopes of connecting with the actual person to blame for the GMX V1 exploit.
You’ve efficiently carried out the exploit; your abilities in doing so are evident to someone taking a peek into the exploit transactions.
The white-hat malicious program bounty of $5 million continues… https://t.co/KPf2fEtU6t
— GMX 🫐 (@GMX_IO) July 10, 2025
In a post-mortem report, GMX disclosed that the exploit was caused by a re-entrancy attack that allowed the attacker to manipulate the price of the exchange token, GLP. He then converted the tokens to BTC and ETH.
As a precaution, the exchange halted operations on Arbitrum and the minting of GLP tokens on Avalanche. GMX also said that it will initiate a governance discussion on GMX DAO to consider “attainable repayment measures.”
More Hackers Opt for a Bounty
The GMX hacker’s decision to return the funds adds to a growing list of threat actors choosing a bounty instead of keeping the entire loot. Hackers opt to return the funds to avoid being on the run from law enforcement agencies and having to go through complicated processes to launder the funds.
The GMX hacker isn’t the first to return stolen funds for a bounty. This year, ZKsync, 1inch, and Loopscale attackers are among those that returned the loot for a white hat bounty. Others, like the Cork hacker, opted to donate part of the loot to the Roman Storm defense.
Although the GMX hacker returned the funds, it remains to be seen whether the incident will affect GMX usage.