Hacker Returns $40M to GMX After Major Exploit, Token Surges
The hacker who stole more than $40 million from GMX’s V1 contracts earlier this week has begun returning the funds, triggering a strong rally in GMX’s token price.
The exploit targeted a reentrancy vulnerability in GMX’s OrderBook contract on Arbitrum. By repeatedly calling certain functions before transactions were finalized, the attacker manipulated short positions on bitcoin, inflated the value of GMX’s GLP pool, and redeemed tokens like USDC, WBTC, WETH, and FRAX for outsized profits.
On Friday, the hacker posted an on-chain message saying, “ok, funds will be returned later.” Hours later, more than $10.5 million in FRAX stablecoins was transferred back to GMX’s deployer wallet, according to security firm PeckShield.
By later that day, over $40 million worth of crypto assets—including roughly 9,000 ETH and 10.5 million FRAX—had been returned to the GMX Security Committee’s multisig wallet, as noted by blockchain analytics firm Lookonchain.
PeckShieldAlert (@PeckShieldAlert)
“#PeckShieldAlert #GMX Exploiter has returned a total of $37.5M worth of cryptos, including ~9K $ETH & 10.5M $FRAX to the #GMX Security Committee Multisig address.”
July 11, 2025
The GMX token has jumped 13% in the past 24 hours, currently trading around $13.15.
Following the exploit, GMX halted V1 trading and minting on both Arbitrum and Avalanche. The protocol offered the hacker a $5 million white-hat bounty—over 10% of the stolen funds—and promised no legal action if the money was returned in full within 48 hours, a deadline that appears to have been met.
Reentrancy vulnerabilities remain a significant threat in DeFi, allowing attackers to manipulate smart contracts through repeated calls within a single transaction.
Despite the breach, GMX’s swift response and the hacker’s partial cooperation have helped stabilize the protocol and its token’s price.
