Decentralized perpetuals exchange GMX has been hit by a significant security breach today, with over $42 million in funds siphoned from the protocol.
The attack targeted GMX’s GLP liquidity pool and remains under investigation, as the team has yet to release a full post-mortem.
On-chain activity and security analysts suggest that the stolen assets were swiftly swapped and moved across networks in what appears to be a sophisticated exploit.
Funds drained, swapped, and bridged in coordinated theft
According to blockchain analytics firms including DeBank and Arkham Intelligence, the attacker initiated the exploit by extracting assets from GMX’s V1 vault contracts, primarily in the form of USDC.
The funds were then swapped into ETH, DAI, FRAX, wrapped ETH (wETH), wrapped BTC (wBTC), and other tokens before being bridged from Arbitrum to Ethereum.
A wallet linked to the attacker is currently holding close to $44 million in various digital assets, Arkham data shows.
PeckShieldAlert shared a screenshot on X revealing a message believed to be sent by GMX developers directly to the exploiter, acknowledging the vulnerability and offering a 10% white-hat bounty.
“We are offering a 10% bounty for the return of funds. If returned within 48 hours, we will not pursue further legal action,” the message reportedly stated.
As of now, the attacker has not responded publicly.
GMX seeks resolution, while users await post-mortem
Launched on Arbitrum in 2021, GMX has become one of the most recognized decentralized exchanges for leveraged trading. It supports up to 100x leverage on assets like Bitcoin, Ethereum, and Avalanche, and has processed over $305 billion in total volume, according to its official site.
The exploit comes at a time when confidence in DeFi security continues to be tested, with users increasingly demanding better transparency and safeguards.
Community members are now closely monitoring both the hacker’s wallet activity and GMX’s next steps, particularly whether the funds will be returned or further enforcement will follow.
Meanwhile, users with open positions on GMX await clarity on how this breach may impact their assets and the protocol's stability moving forward.
