On July 9, the decentralized trading platform GMX suffered a major exploit, leading to the loss of $42 million in assorted cryptocurrencies.<\/p>\n
Now, on-chain data shows that the hacker has changed most of the stolen funds into 11,700 ETH.<\/p>\n
The Wednesday incident saw the attacker stealing over $10 million worth of legacy Frax Dollar (FRAX), $9.6 million in wrapped Bitcoin (wBTC), and about $5 million in DAI stablecoin.<\/p>\n
Following the breach, $9.6 million of the funds were bridged to the Ethereum blockchain and exchanged into DAI and ETH, with a further $32 million remaining on Arbitrum.<\/p>\n
GMX confirmed the theft in a post<\/a> on X:<\/p>\n \u201cThe GLP pool of GMX V1 on Arbitrum has experienced an exploit. Approximately $40M in tokens has been transferred from the GLP pool to an unknown wallet.\u201d<\/p>\n However, according to blockchain analytics platform Lookonchain, the bad actor has now exchanged<\/a> all the stolen assets, except FRAX, into 11,700 ETH, which they then sent to four new wallets.<\/p>\n The protocol had earlier clarified that GMX V2, its markets, liquidity pools, and the GMX token were not affected. It also announced a temporary pause on GLP token minting and redemption on both Arbitrum and Avalanche to prevent further impact and secure funds. Its users were later told<\/a> to disable leverage and update their settings to block further GLP minting.<\/p>\n Additionally, GMX sent an on-chain message to the hacker, offering a white-hat bounty worth $4.2 million. The proposal also promised there would be no legal consequences if the culprit returned the remaining 90% within 48 hours. So far, they have not responded.<\/p>\n A full postmortem report has not yet been released. However, blockchain security firm SlowMist has attributed the breach to a design flaw in GMX V1. The vulnerability enabled the exploiter to manipulate the GLP token price by interfering with the system\u2019s calculation of total assets under management.<\/p>\n SlowMist explained<\/a> that they used a function that enables leverage during order execution and performed a re-entrancy attack. These allow repeated calls within one function, causing a smart contract to calculate the wrong balance.<\/p>\n By opening large short positions in a single transaction, the criminal was able to manipulate the global price data. This action artificially inflated the GLP token price and profit through redemption.<\/p>\n Hacks and cybersecurity attacks remain a major challenge in the crypto industry. A recent CertiK report revealed<\/a> that over $801.3 million was lost across 144 incidents in Q2 2025. Phishing was the most damaging, with $395 million stolen in 52 exploits. Code vulnerabilities followed closely, causing $235.8 million in losses across 47 cases.<\/p>\n The post GMX Hacker Converts Stolen Loot into 11,700 ETH<\/a> appeared first on CryptoPotato<\/a>.<\/p>","protected":false},"excerpt":{"rendered":" On July 9, the decentralized trading platform GMX suffered a major exploit, leading to the loss of $42 million in assorted cryptocurrencies. Now, on-chain data shows that the hacker has changed most of the stolen funds into 11,700 ETH. The GMX Hack The Wednesday incident saw the attacker stealing over $10 million worth of legacy […]<\/p>\n","protected":false},"author":0,"featured_media":79882,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-79881","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-discovery"],"_links":{"self":[{"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/posts\/79881"}],"collection":[{"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=79881"}],"version-history":[{"count":0,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/posts\/79881\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/media\/79882"}],"wp:attachment":[{"href":"https:\/\/mycryptomania.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=79881"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=79881"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=79881"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}A Re-Entrancy Exploit<\/h2>\n