{"id":55770,"date":"2025-07-11T12:20:55","date_gmt":"2025-07-11T12:20:55","guid":{"rendered":"https:\/\/crowdfundjunction.com\/blog\/hacker-starts-returning-40m-in-stolen-funds-from-gmx-exploit\/"},"modified":"2025-07-11T12:20:55","modified_gmt":"2025-07-11T12:20:55","slug":"hacker-starts-returning-40m-in-stolen-funds-from-gmx-exploit","status":"publish","type":"post","link":"https:\/\/crowdfundjunction.com\/blog\/hacker-starts-returning-40m-in-stolen-funds-from-gmx-exploit\/","title":{"rendered":"Hacker starts returning $40M in stolen funds from GMX exploit"},"content":{"rendered":"<p><b>(Originally posted on : CoinJournal: Latest Crypto News, Altcoin News and Cryptocurrency Comparison )<\/b><br \/>\n<\/p>\n<div data-site=\"CoinJournal\">\n<div class=\"-mt-16  mb-8  lg:-mt-20  rounded-md  shadow-md\">\n<div class=\"relative  z-10  post-article-image  rounded  overflow-hidden\" data-site=\"CoinJournal\">\n<picture><source srcset=\"https:\/\/coinjournal.net\/wp-content\/uploads\/imagecache\/2025\/05\/Curve-DAO-CRV-price-drops-as-Curve-Finance-battles-DNS-attack-smartcrop-750x375.webp\" type=\"image\/webp\" media=\"(min-width: 750px)\"\/><source srcset=\"https:\/\/coinjournal.net\/wp-content\/uploads\/imagecache\/2025\/05\/Curve-DAO-CRV-price-drops-as-Curve-Finance-battles-DNS-attack-smartcrop-363x181.webp\" type=\"image\/webp\"\/><source srcset=\"https:\/\/coinjournal.net\/wp-content\/uploads\/imagecache\/2025\/05\/Curve-DAO-CRV-price-drops-as-Curve-Finance-battles-DNS-attack-smartcrop-750x375.png\" type=\"image\/jpeg\" media=\"(min-width: 750px)\"\/><source srcset=\"https:\/\/coinjournal.net\/wp-content\/uploads\/imagecache\/2025\/05\/Curve-DAO-CRV-price-drops-as-Curve-Finance-battles-DNS-attack-smartcrop-363x181.png\" type=\"image\/jpeg\"\/>\n<\/picture>                            <\/div>\n<\/p><\/div>\n<ul>\n<li data-start=\"352\" data-end=\"569\">At the time of writing, the total amount returned to GMX stood at approximately $20 million.<\/li>\n<li data-start=\"352\" data-end=\"569\">GMX acknowledged the technical sophistication of the exploit and issued a $5 million bounty for the return of funds.<\/li>\n<li data-start=\"352\" data-end=\"569\">The attacker reportedly manipulated the price of GLP tokens, draining a variety of crypto assets from the platform.<\/li>\n<\/ul>\n<p data-start=\"352\" data-end=\"569\">The attacker who exploited a vulnerability in the GMX v1 decentralised exchange and stole approximately $40 million in crypto has begun returning the stolen assets after accepting a bounty offered by the GMX team.<\/p>\n<p data-start=\"571\" data-end=\"894\">According to blockchain security firm PeckShield, the hacker sent an on-chain message acknowledging the bounty and indicating willingness to cooperate.<\/p>\n<p data-start=\"571\" data-end=\"894\">\u201cOk, funds will be returned later,\u201d the exploiter wrote in a blockchain transaction, referencing the terms outlined by GMX for a partial return of the stolen funds.<\/p>\n<h2 data-start=\"896\" data-end=\"940\">The hacker starts transferring funds back<\/h2>\n<p data-start=\"942\" data-end=\"1267\">Less than an hour after the message was broadcast, the attacker began transferring funds back to the address specified by GMX.<\/p>\n<p data-start=\"942\" data-end=\"1267\">PeckShield reported that about $9 million in Ether (ETH) was sent to the team.<\/p>\n<p data-start=\"942\" data-end=\"1267\">The Ethereum address used in the transaction has been labelled GMX Exploiter 2 on blockchain tracking platforms.<\/p>\n<p data-start=\"1269\" data-end=\"1581\">PeckShield also flagged two separate transfers of FRAX stablecoins, with the attacker returning $5.5 million in one transaction and an additional $5 million later.<\/p>\n<p data-start=\"1269\" data-end=\"1581\">At the time of writing, the total amount returned to GMX stood at approximately $20 million, representing half of the stolen assets.<\/p>\n<p data-start=\"1583\" data-end=\"1913\">The original exploit, which occurred on Wednesday, targeted a liquidity pool on GMX v1, a perpetual trading protocol deployed on the Arbitrum Layer 2 network.<\/p>\n<p data-start=\"1583\" data-end=\"1913\">The attacker reportedly manipulated the price of GLP tokens, draining a variety of crypto assets from the platform by exploiting a design flaw in the protocol.<\/p>\n<h2 data-start=\"1915\" data-end=\"1957\">GMX offered $5 million white hat bounty<\/h2>\n<p data-start=\"1959\" data-end=\"2348\">In response to the breach, GMX acknowledged the technical sophistication of the exploit and issued a $5 million bounty for the return of funds.<\/p>\n<p data-start=\"1959\" data-end=\"2348\">In a post on X (formerly Twitter), the GMX team addressed the hacker directly, offering the bounty under a \u201cwhite hat\u201d classification, which would allow the attacker to spend the funds legally if the bulk of the assets were returned.<\/p>\n<blockquote data-start=\"2350\" data-end=\"2562\">\n<p data-start=\"2352\" data-end=\"2562\">\u201cYou\u2019ve successfully executed the exploit; your abilities in doing so are evident to anyone looking into the exploit transactions,\u201d GMX wrote. \u201cThe white hat bug bounty of $5 million continues to be available.\u201d<\/p>\n<\/blockquote>\n<p data-start=\"2564\" data-end=\"2820\">The team emphasized that the bounty was intended to eliminate legal and practical risks associated with using stolen crypto.<\/p>\n<p data-start=\"2564\" data-end=\"2820\">GMX also offered to provide proof of the source of funds if needed, enabling the exploiter to pass compliance checks or audits.<\/p>\n<p data-start=\"2864\" data-end=\"3226\">In addition to the public bounty, the GMX team issued an on-chain ultimatum, stating that legal action would be pursued within 48 hours if the funds were not returned.<\/p>\n<div class=\"ad-banner  container  pt-1\" data-partner=\"bitcoinpepe\">\n        <a href=\"https:\/\/bitcoinpepe.co\/en?utm_source=coinjournal&amp;utm_medium=banner&amp;utm_campaign=header\" target=\"_blank\" rel=\"nofollow sponsored noopener\"><br \/>\n            <img src=\"https:\/\/coinjournal.net\/wp-content\/themes\/c1-base\/dist\/img\/ad\/blockovate\/en-4.png\"\/><br \/>\n        <\/a>\n    <\/div>\n<div class=\"post-meta\">\n<hr class=\"mb-6\"\/>\n<h6 class=\"text-3xl  mb-4  text-green-300\">Share this article<\/h6>\n<hr class=\"mb-6\"\/>\n<h6 class=\"text-3xl  mb-4  text-green-300\">Categories<\/h6>\n<hr class=\"mb-6\"\/>\n<h6 class=\"text-3xl  mb-4  text-green-300\">Tags<\/h6>\n<\/p><\/div>\n<\/p><\/div>\n<p><a href=\"https:\/\/coinjournal.net\/news\/hackers-starts-returning-40m-in-stolen-funds-from-gmx-exploit\/\">Source link <\/a><br \/>\n<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>(Originally posted on : CoinJournal: Latest Crypto News, Altcoin News and Cryptocurrency Comparison ) At the time of writing, the total amount returned to GMX stood at approximately $20 million. GMX acknowledged the technical sophistication of the exploit and issued a $5 million bounty for the return of funds. The attacker reportedly manipulated the price [&hellip;]<\/p>\n","protected":false},"author":3947362387,"featured_media":55771,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0},"categories":[35],"tags":[],"_links":{"self":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts\/55770"}],"collection":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/users\/3947362387"}],"replies":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/comments?post=55770"}],"version-history":[{"count":0,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts\/55770\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/media\/55771"}],"wp:attachment":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/media?parent=55770"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/categories?post=55770"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/tags?post=55770"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}