Less than a week after decentralized exchange GMX was hit by a $40 million exploit, the anonymous attacker has started returning funds, signaling a potential resolution to the situation.
The development follows an onchain message from the exploiter, who appears to have accepted a white-hat bounty offer from the GMX team.
Onchain messages and the return process
Blockchain security firm PeckShield flagged an onchain message where the attacker wrote, “Ok, funds will be returned later,” a response seemingly aimed at GMX’s earlier offer of a $5 million bounty in exchange for the return of the funds.
Not long after, the wallet identified as GMX Exploiter 2 began sending back portions of the stolen crypto to an Ethereum address publicly specified by GMX.
According to onchain data, the attacker has so far returned around $9 million in Ethereum and approximately $10.5 million in FRAX stablecoins, in two separate transactions.
That brings the total amount returned to roughly $20 million at the time of writing, about half of the funds initially siphoned off in the exploit.
The exploit itself, which occurred on GMX v1 (the first version of the protocol on Arbitrum), stemmed from a design vulnerability that allowed the attacker to manipulate the value of GLP tokens in a liquidity pool, enabling the draining of multiple crypto assets including ETH, FRAX, and others.
White hat offer and deadline pressure
Shortly after the attack, GMX acknowledged the skill involved and extended an olive branch in the form of a $5 million white-hat bounty.
The team confirmed that the bounty would be freely spendable by the attacker once the stolen assets were returned. “You’ve successfully executed the exploit; your abilities in doing so are evident,” the team wrote in an onchain message.
GMX also gave the exploiter a clear deadline which is toreturn 90% of the funds within 48 hours or face legal action.
The remaining 10%, they added, could be kept as a bounty. With about half of the assets now back in the team’s hands, it remains to be seen whether the rest will follow.
