A cryptocurrency hacker returned $40.5 million in stolen digital assets to the decentralized trading platform GMX within 48 hours of the initial attack, accepting a bounty payment of approximately $4.5 million in what security experts describe as an unusually swift resolution to a major blockchain exploit.
What to Know:
- The hacker exploited GMX's smart contracts on July 9, stealing approximately $42 million through a re-entrancy attack that manipulated token prices
- GMX offered a 10% "white hat" bounty with no legal consequences if funds were returned within 48 hours
- The attacker kept roughly $4.5 million as bounty payment while returning the remaining $40.5 million in cryptocurrency assets
Technical Exploit Reveals Smart Contract Vulnerability
The attack targeted GMX's Version 1 protocol through a sophisticated re-entrancy exploit that took advantage of flawed smart contract architecture. According to a postmortem report from GMX, the hacker manipulated a contract function that failed to prevent multiple calls within the same operation.
This technical vulnerability allowed the attacker to artificially inflate the price of GLP, GMX's liquidity provider token.
The exploit let the attacker make multiple calls within a single function execution, causing the contract to calculate incorrect balances and facilitating the theft of various digital assets.
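The bug class described above can be shown with a simplified model. This is an added example, not GMX's contract code and not taken from the postmortem: the `Pool` class, its numbers and the `simulate` helper are constructed for illustration, and the model does not reproduce GLP pricing. It shows a payout that runs before the state update, and the re-entrancy lock that rejects a nested call.

```python
class ReentrancyError(Exception):
    """Raised when a guarded function is entered while it is already running."""

class Pool:
    """Constructed toy pool: each share redeems for reserves / total shares."""
    def __init__(self, guarded):
        self.guarded = guarded
        self.locked = False
        self.reserves = 1000
        self.shares = {"lp": 900, "user": 100}

    def redeem(self, owner, on_payout):
        if self.guarded:
            if self.locked:
                raise ReentrancyError("redeem re-entered")
            self.locked = True
        try:
            total = sum(self.shares.values())
            amount = self.shares[owner] * self.reserves // total
            self.reserves -= amount
            on_payout(amount)        # external call runs BEFORE shares are burned
            self.shares[owner] = 0   # state update arrives too late
            return amount
        finally:
            self.locked = False

def simulate(guarded):
    """Redeem once with a receiver that calls back into redeem during payout."""
    pool = Pool(guarded)
    received, blocked = [], []

    def callback(amount):
        received.append(amount)
        if len(received) == 1:       # a single nested call is enough to show the flaw
            try:
                pool.redeem("user", callback)
            except ReentrancyError:
                blocked.append(True)

    pool.redeem("user", callback)
    return sum(received), pool.reserves, bool(blocked)

if __name__ == "__main__":
    print("unguarded:", simulate(False))  # paid out twice against stale shares
    print("guarded:  ", simulate(True))   # nested call rejected by the lock
```

Without the lock the holder of 100 shares is paid 190 and the remaining liquidity providers are left with 810 backing 900 shares. With the lock the nested call is rejected and the payout is the correct 100.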
The stolen cryptocurrencies included Wrapped Bitcoin (WBTC), Legacy Frax Dollar (FRAX), and DAI stablecoin. The hacker subsequently moved the funds from the Arbitrum network to Ethereum's mainnet. All assets except FRAX were converted to 11,700 ETH tokens.
Swift Negotiation Leads to Unprecedented Return
GMX's security team responded quickly to the breach by posting an on-chain message offering a 10% white hat bounty. The proposal included a 48-hour deadline and guaranteed no legal action would be taken against the perpetrator.
The hacker's response came through blockchain messaging: "Ok, funds will be returned later." The return process began with $10.49 million in FRAX tokens sent directly to GMX's Security Committee Multisig address.
The remaining $32 million, previously converted to ETH, was returned in multiple batches. Due to Ethereum's price appreciation during the incident, the ETH holdings had increased to $35 million in value. The hacker retained the $3 million profit from price movements while returning the original theft amount.
Platform Recovery and Market Response
GMX confirmed that its newer Version 2 protocol remained unaffected by the vulnerability that enabled the attack. The platform has since removed minting caps on liquidity tokens for GMX V2 operating on both Arbitrum and Avalanche networks.
The GMX native token recovered from initial losses following news of the fund return. Market data from CoinMarketCap indicated the asset gained over 13% in trading value.
Security analysts noted the incident highlights ongoing risks in decentralized finance protocols while demonstrating the potential effectiveness of bounty programs in encouraging voluntary fund returns.
Closing Thoughts
The GMX incident represents a rare case where a major cryptocurrency theft resulted in voluntary fund return through bounty negotiation. The $40.5 million recovery, facilitated by GMX's 10% bounty offer, demonstrates an alternative approach to addressing blockchain security breaches beyond traditional legal remedies.