In a positive development for the crypto community, the individual responsible for the GMX exploit accepted the platform’s bounty and returned over $40 million worth of assets stolen from the project.
Related Reading
Crypto Hacker Takes $42 Million From GMX
On Friday, the recent GMX V1 exploit ended on a happy note after the individual responsible for the incident turned into a white-hat hacker. Perpetual and spot crypto exchange GMX lost over $40 million on Wednesday when an attacker exploited a vulnerability in the protocol’s first version on Arbitrum.
According to online reports, GMX V1’s vault contract had a vulnerability that allowed the attacker to manipulate the GLP token price through the system’s calculations.
Blockchain security firm SlowMist explained that “The root cause of this attack stems from GMX v1’s design flaw, where short position operations immediately update the global short average prices (globalShortAveragePrices), which directly impacts the calculation of Assets Under Management (AUM), thereby allowing manipulation of GLP token pricing.”
Through a reentrancy attack, they successfully established massive short positions to manipulate the global average prices, artificially inflating GLP prices within a single transaction and profiting through redemption operations.
As a result, approximately $42 million worth of assets, including Legacy Frax Dollar (FRAX), wrapped bitcoin (WBTC), wrapped ETH (WETH), and other tokens, were transferred from the GLP pool to an unknown wallet.
The perpetual crypto exchange halted GMX V1’s trading and GLP’s minting and redeeming on both Arbitrum and Avalanche to prevent another attack and protect users’ funds. However, they clarified that the exploit was limited to GMX’s V1 and its GLP pool. GMX V2, its markets, or liquidity pools, and the GMX token were not affected and remained safe.
White-Hat Claims $5 Million Bounty
Following the incident, GMX sent a message on-chain and on X offering a $5 million white-hat bounty to the attacker, claiming that their abilities were “evident to anyone looking into the exploit transactions.”
GMX’s team noted that returning the funds within the next 48 hours and accepting the bounty would allow the hacker to “spend the funds freely,” instead of taking additional risks to access them. They also vowed not to pursue any legal action and to assist the exploiter in providing proof of source for the funds if it is ever required.
Click Here to Read the Full Original Article at NewsBTC…
