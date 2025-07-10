Crypto hackers lift $42m from GMX’s Arbitrum liquidity pool in broad daylight

By: Crypto.news
2025/07/10 02:53
GMX
GMX$11.45+10.09%
DeFi
DEFI$0.001297-3.78%
Nowchain
NOW$0.00354-13.44%

Despite layers of scrutiny, GMX’s V1 GLP pool was hacked for over $40 million in a brazen exploit. With leverage functions now frozen, traders are left wondering: How did audited contracts crack? And what does this mean for DeFi’s perpetual trading future?

On July 9, on-chain perpetual and spot exchange GMX confirmed that its V1 GLP pool on Arbitrum had been exploited, with over $40 million worth of assorted tokens siphoned into an unknown wallet in a single transaction.

The attack, which appears to have manipulated the GLP vault mechanism, forced the protocol to halt trading and pause the minting and redeeming of GLP on both Arbitrum and Avalanche. GMX clarified that the breach was isolated to V1 and did not impact GMX V2, its token, or other associated markets.

While the GMX team has yet to disclose the exact exploit vector, the incident exposes the fragility of even audited smart contracts and raises urgent questions about the sustainability of decentralized leverage markets, where GMX has long been a dominant player.

How audits failed to stop the $40 million GMX exploit

The attacker’s path to draining $40 million from GMX’s V1 GLP pool was alarmingly straightforward yet devastatingly effective. According to blockchain analysts, the exploit involved manipulating the protocol’s leverage mechanism to mint excessive GLP tokens without proper collateral.

Once the attacker artificially inflated their position, they redeemed the fraudulently minted GLP for underlying assets, leaving the pool short of over $40 million in a matter of blocks.

The funds didn’t remain idle for long. According to Cyvers and Lookonchain, the attacker used a malicious contract funded through Tornado Cash to obscure the origin of the exploit. Roughly $9.6 million of the estimated $42 million haul was bridged from Arbitrum to Ethereum using Circle’s Cross-Chain Transfer Protocol, with portions swiftly converted to DAI.

Assets drained included ETH, USDC, fsGLP, DAI, UNI, FRAX, USDT, WETH, and LINK, making this a multi-asset strike spanning both native and synthetic tokens.

Before the hack, GMX’s V1 contracts were reviewed by top auditing firms. Quantstamp’s pre-deployment audit assessed core risks like reentrancy and access controls, while ABDK Consulting conducted additional stress tests. Yet neither audit flagged the specific leverage manipulation vector that enabled this exploit.

The oversight highlights a recurring blind spot in DeFi security: audits tend to focus on general vulnerabilities but often miss protocol-specific logic flaws. Ironically, GMX had proactive safeguards in place, including a $5 million bug bounty program and active monitoring by firms such as Guardian Audits.

This exploit doesn’t just undermine GMX, it casts doubt on the audit-driven security paradigm as a whole. If a protocol as mature and battle-tested as GMX can lose $40 million to a logic flaw, the implications for less scrutinized projects are deeply concerning.

Meanwhile, GMX’s on-chain appeal to the hacker, offering a 10% bounty for the return of funds, underscores DeFi’s harsh reality: recovery efforts often rely on negotiating with attackers.

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact service@support.mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.

You May Also Like

United States Building Permits Change dipped from previous -2.8% to -3.7% in August

United States Building Permits Change dipped from previous -2.8% to -3.7% in August

The post United States Building Permits Change dipped from previous -2.8% to -3.7% in August appeared on BitcoinEthereumNews.com. Information on these pages contains forward-looking statements that involve risks and uncertainties. Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets. You should do your own thorough research before making any investment decisions. FXStreet does not in any way guarantee that this information is free from mistakes, errors, or material misstatements. It also does not guarantee that this information is of a timely nature. Investing in Open Markets involves a great deal of risk, including the loss of all or a portion of your investment, as well as emotional distress. All risks, losses and costs associated with investing, including total loss of principal, are your responsibility. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of FXStreet nor its advertisers. The author will not be held responsible for information that is found at the end of links posted on this page. If not otherwise explicitly mentioned in the body of the article, at the time of writing, the author has no position in any stock mentioned in this article and no business relationship with any company mentioned. The author has not received compensation for writing this article, other than from FXStreet. FXStreet and the author do not provide personalized recommendations. The author makes no representations as to the accuracy, completeness, or suitability of this information. FXStreet and the author will not be liable for any errors, omissions or any losses, injuries or damages arising from this information and its display or use. Errors and omissions excepted. The author and FXStreet are not registered investment advisors and nothing in this article is intended…
ChangeX
CHANGE$0.00166416+10.11%
BRC20.COM
COM$0.012573+26.12%
WELL3
WELL$0.0000752-16.72%
Share
BitcoinEthereumNews2025/09/18 02:20
Share
Strategy transferred 7,383 BTC to 3 new wallets 11 hours ago, worth about $796 million

Strategy transferred 7,383 BTC to 3 new wallets 11 hours ago, worth about $796 million

PANews reported on June 30 that according to Lookonchain monitoring, MicroStrategy (Strategy) transferred 7,383 BTC (worth US$796 million) to three new wallets 11 hours ago, possibly to improve custody. Historically,
Bitcoin
BTC$115,283.61+3.92%
Juneo Supernet
JUNE$0.0912+30.28%
Share
PANews2025/06/30 11:35
Share
SEC approves Grayscale’s multi-crypto fund with XRP, SOL and ADA

SEC approves Grayscale’s multi-crypto fund with XRP, SOL and ADA

GDLC's approval coincides with SEC adopting generic listing standards for crypto ETFs, which would expedite the launch process.
Solana
SOL$196.79+10.42%
XRP
XRP$2.5331+5.67%
Multichain
MULTI$0.04758+16.64%
Share
Coinstats2025/09/18 10:26
Share

Trending News

More

United States Building Permits Change dipped from previous -2.8% to -3.7% in August

Strategy transferred 7,383 BTC to 3 new wallets 11 hours ago, worth about $796 million

SEC approves Grayscale’s multi-crypto fund with XRP, SOL and ADA

Dogecoin Price Prediction For 2025, As Analysts Call Pepeto The Next 100x

Switzerland is accelerating efforts to upgrade its free trade agreement with China amid stalled tariff discussions with the U.S.