{"id":25268,"date":"2025-07-11T15:52:44","date_gmt":"2025-07-11T12:52:44","guid":{"rendered":"https:\/\/forklog.com\/en\/hacker-returns-40-million-stolen-from-gmx\/"},"modified":"2025-07-11T15:52:44","modified_gmt":"2025-07-11T12:52:44","slug":"hacker-returns-40-million-stolen-from-gmx","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/hacker-returns-40-million-stolen-from-gmx\/","title":{"rendered":"Hacker Returns $40 Million Stolen from GMX"},"content":{"rendered":"<p>The perpetrator has returned nearly all the funds <a href=\"https:\/\/u1f987.com\/en\/news\/hacker-breaches-gmx-dex-for-42-million\">stolen<\/a> from the GMX protocol, agreeing to a $5 million reward offered by the project&#8217;s team.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/PeckShieldAlert?src=hash&#038;ref_src=twsrc%5Etfw\">#PeckShieldAlert<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/GMX?src=hash&#038;ref_src=twsrc%5Etfw\">#GMX<\/a> Exploiter msg: funds will be returned later <a href=\"https:\/\/t.co\/ohlOVYWSvD\">pic.twitter.com\/ohlOVYWSvD<\/a><\/p>\n<p>\u2014 PeckShieldAlert (@PeckShieldAlert) <a href=\"https:\/\/twitter.com\/PeckShieldAlert\/status\/1943564064501985691?ref_src=twsrc%5Etfw\">July 11, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>An unknown individual withdrew assets from the GLP coin pool on GMX V1 in the Arbitrum network. The breach affected USDC, FRAX, wBTC, and wETH.<\/p>\n<p>The GMX team <a href=\"https:\/\/arbiscan.io\/tx\/0x92a39e66e54aff033cd7b41b468de7891cf459593495d68d78099cc889547380\">sent<\/a> an on-chain message to the hacker, offering 10% of the amount as a reward and promising not to pursue legal action if the remaining 90% was returned within 48 hours.<\/p>\n<p>The hacker responded:<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>&#8220;Ok, funds will be returned later.&#8221;<\/em><\/p>\n<\/blockquote>\n<p>Shortly thereafter, the hacker sent two tranches of <a href=\"https:\/\/arbiscan.io\/tx\/0x62b8450259ee85838c7be3335e659a65be66268a1a5c6792ca731df199211841\">5.5 million FRAX<\/a> and <a href=\"https:\/\/arbiscan.io\/tx\/0x255d0af85ae52c22e0206cad52d22f8620c002b8e23efcc3162916d8559321b3\">5 million FRAX<\/a> to the GMX address. Later, the exploiter <a href=\"https:\/\/x.com\/PeckShieldAlert\/status\/1943615260704796930\">returned<\/a> approximately 9,000 ETH (~$27 million).<\/p>\n<p>Following the incident, the native GMX token fell by 28% to $10.45. On news of the fund&#8217;s return, the price <a href=\"http:\/\/coingecko.com\/en\/coins\/gmx\">rose<\/a> by 15.8%. At the time of writing, the asset is trading at $13.3.<\/p>\n<p>In a report on the breach, the team <a href=\"https:\/\/x.com\/GMX_IO\/status\/1943336664102756471\">confirmed<\/a> that V1 on Arbitrum was affected by a reentrancy vulnerability in the OrderBook contract. This allowed the attacker to manipulate the price of Bitcoin and withdraw liquidity profitably.<\/p>\n<p>Developers emphasized that the second version of the protocol was not affected. In the future, minting and redeeming GLP on the Arbitrum network will be disabled. Remaining funds will be directed to compensate users for their losses.<\/p>\n<p>Back in June, the stablecoin protocol Resupply <a href=\"https:\/\/u1f987.com\/en\/news\/resupply-protocol-hacked-for-9-5-million\">lost<\/a> about $9.5 million due to a hack. The attacker exploited a vulnerability in the exchange rate calculation system.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The perpetrator has returned nearly all the funds stolen from the GMX protocol, agreeing to a $5 million reward offered by the project&#8217;s team. #PeckShieldAlert #GMX Exploiter msg: funds will be returned later pic.twitter.com\/ohlOVYWSvD \u2014 PeckShieldAlert (@PeckShieldAlert) July 11, 2025 An unknown individual withdrew assets from the GLP coin pool on GMX V1 in the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":25267,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44,787],"class_list":["post-25268","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime","tag-dex"],"aioseo_notices":[],"amp_enabled":true,"views":"62","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/25268","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=25268"}],"version-history":[{"count":0,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/25268\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/25267"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=25268"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=25268"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=25268"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}