
GMX Hack: $42M Drained – What We Know So Far


On July 9, 2025, GMX V1, a decentralized perpetual exchange on Arbitrum, suffered a significant exploit resulting in the loss of approximately $42 million from its GLP (GMX Liquidity Provider) pool. The attacker transferred funds from the GLP pool to an unknown wallet, subsequently bridging assets from Arbitrum to Ethereum—a tactic commonly used to obfuscate and launder stolen funds.

What Happened?

The exploit targeted the GLP pool of GMX V1 on Arbitrum. An attacker manipulated the smart contract logic, enabling unauthorized withdrawals of funds. The specific vulnerability exploited is under investigation, but initial reports suggest a flaw in the contract’s validation checks allowed the attacker to bypass security measures.

In response, GMX has disabled trading on GMX V1 and halted the minting and redeeming of GLP on both Arbitrum and Avalanche to prevent further exploitation and protect users. It’s important to note that GMX V2, its markets, liquidity pools, and the GMX token itself are unaffected by this exploit.

How to Check If You’re Affected by the GMX Hack

To determine if your wallet was impacted by the exploit:

  1. Review Your Wallet Activity: Check your transaction history for any unauthorized withdrawals or interactions with GMX V1 contracts.
  2. Use Revoke Tools: Utilize platforms like Revoke.cash to identify and revoke any active approvals to GMX V1 contracts.
  3. Check Official Announcements: Follow the latest updates on GMX's official social channels.
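
As an added example (not code from GMX, Revoke.cash or this blog), the sketch below shows the kind of check a revoke tool performs for step 2: it replays a wallet's ERC-20 Approval logs in chain order and reports allowances still open to a watched spender. All addresses and logs are constructed placeholders; the page gives no GMX V1 contract address, so `WATCHED` stands in for one, and numeric log fields are assumed to be already decoded to integers.

```python
# Added example: find approvals from one wallet that are still open to watched spenders.
# topic0 is keccak256("Approval(address,address,uint256)"), the standard ERC-20 event.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT = 2**256 - 1  # the usual "unlimited" approval amount

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def open_approvals(logs, owner, watched_spenders):
    """Return {(token, spender): amount} for non-zero approvals owner -> watched spender."""
    owner = owner.lower()
    watched = {s.lower() for s in watched_spenders}
    latest = {}
    # A later approve() overwrites an earlier one, so replay in chain order.
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval shares topic0 but indexes the token id (4 topics): skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner:
            continue
        spender = topic_to_address(topics[2])
        if spender in watched:
            # Last approved amount, not the remaining allowance: transferFrom can
            # spend it down, so confirm with the token's allowance() before acting.
            latest[(log["address"].lower(), spender)] = int(log["data"], 16)
    return {key: amount for key, amount in latest.items() if amount > 0}

def mk_log(token, owner, spender, value, block, index):
    """Build a constructed Approval log in the shape returned by eth_getLogs."""
    pad = lambda addr: "0x" + "0" * 24 + addr[2:]
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": hex(value), "blockNumber": block, "logIndex": index}

# Constructed placeholder addresses, not real contracts or wallets.
OWNER, OTHER_OWNER = "0x" + "aa" * 20, "0x" + "bb" * 20
WATCHED, OTHER_SPENDER = "0x" + "11" * 20, "0x" + "22" * 20
TOKEN_A, TOKEN_B = "0x" + "a1" * 20, "0x" + "b2" * 20
SAMPLE_LOGS = [
    mk_log(TOKEN_B, OWNER, WATCHED, 0, 110, 1),          # revocation, listed out of order
    mk_log(TOKEN_A, OWNER, WATCHED, MAX_UINT, 100, 0),   # unlimited approval, never revoked
    mk_log(TOKEN_A, OWNER, OTHER_SPENDER, 1000, 101, 0), # spender not on the watch list
    mk_log(TOKEN_A, OTHER_OWNER, WATCHED, 1000, 102, 0), # a different wallet
    mk_log(TOKEN_B, OWNER, WATCHED, 500, 105, 2),        # later revoked at block 110
]

if __name__ == "__main__":
    for (token, spender), amount in open_approvals(SAMPLE_LOGS, OWNER, [WATCHED]).items():
        print(token, spender, "unlimited" if amount == MAX_UINT else amount)
```

Only the never-revoked unlimited approval on `TOKEN_A` is reported; the `TOKEN_B` approval is dropped because a later log sets it to zero.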

Exploit Mechanism

  1. Vault Design Flaw: GMX V1’s vault contract had a vulnerability where short position operations immediately updated the global short average prices. This design flaw allowed the attacker to manipulate the system’s calculations.
  2. Oracle Price Manipulation: The attacker exploited the protocol’s reliance on oracle prices by influencing the price feeds through large trades on other platforms. This manipulation affected the valuation of assets within GMX, enabling the attacker to execute trades at favorable prices.
  3. Zero Slippage Feature Abuse: GMX V1’s feature of zero price impact trades allowed the attacker to open and close large positions without affecting the market price. By doing so, the attacker could extract profits from the GLP pool without incurring typical trading costs.

Immediate Actions Taken:

  • Trading Halted: GMX disabled trading on its V1 platform and paused the minting and redeeming of GLP tokens on both Arbitrum and Avalanche to prevent further exploitation.
  • Security Investigation: The GMX team, along with security partners, initiated a thorough investigation to identify the root cause and assess the full impact of the exploit.
  • Bounty Offer: GMX extended a 10% white-hat bounty to the attacker, amounting to approximately $4 million, in exchange for the return of the stolen funds and to avoid legal action.

Impact on GMX Ecosystem:

The exploit was confined to GMX V1 and did not affect GMX V2, its markets, liquidity pools, or the GMX token itself.

This incident underscores the importance of robust smart contract design and the risks associated with features like zero slippage and immediate price updates in decentralized finance platforms.

How to Stay Safe from the GMX Hack

To protect your assets in the DeFi space:

  • Conduct Due Diligence: Research protocols thoroughly before investing.
  • Use Reputable Platforms: Prefer platforms with a proven track record and third-party security audits.
  • Limit Exposure: Avoid allocating large portions of your portfolio to a single DeFi protocol.
  • Stay Informed: Keep up with news and updates from the platforms you use.

What’s Next?

GMX’s core contributors and security partners are actively investigating the exploit to identify the root cause and implement necessary fixes. A detailed incident report will be released once the investigation is complete. Users are advised to monitor official GMX channels for updates and follow recommended security practices to safeguard their assets.

Don’t forget to stay safe with FailSafe’s elite security audits!
