$42 million Drained from GMX Liquidity Pool amid Exploit

Planck

- Decentralized perpetual exchange GMX hit by $42 million exploit targeting GLP pool
- Breach occurred on Arbitrum blockchain, prompting immediate security measures
On July 9, 2025, The Block reported that a hacker exploited the GMX decentralized perpetuals exchange for $42 million, targeting the GLP liquidity pool on the Arbitrum blockchain. According to the report, the attacker drained the funds and converted them into multiple cryptocurrencies, including USDC, ETH, DAI, FRAX, wrapped bitcoin, and wrapped ETH. Additionally, blockchain analysis showed that shortly after the breach, the attacker began bridging the stolen funds from Arbitrum to the Ethereum mainnet.
Security firms initially assessed the attack as a possible re-entrancy exploit, a vulnerability that allows attackers to manipulate smart contract functions and abnormally mint assets—in this case, GLP tokens. In response to the breach, GMX sent an on-chain message to the hacker, offering a 10% white-hat bounty for the return of stolen funds and promising no legal action if the attacker returned the assets within 48 hours.
To mitigate further loss, GMX suspended trading on GMX V1 and halted the minting and redeeming of GLP tokens across both the Arbitrum and Avalanche networks. While the team confirmed that GMX V2 contracts, markets, and the native GMX token were unaffected, the GMX token’s price still dropped 18% after news of the exploit broke. Meanwhile, on-chain intelligence from Arkham showed the hacker’s wallet held nearly $44 million in assets as of the latest data.
Get the latest news in your inbox!