The hacker responsible for the $40 million breach of the GMX decentralized exchange (DEX) has started returning the stolen funds, following a $5 million white hat bounty offer from the GMX team.
This development marks a significant step toward resolving one of the largest recent DeFi exploits.
#PeckShieldAlert #GMX Exploiter msg: funds will be returned later pic.twitter.com/ohlOVYWSvD
— PeckShieldAlert (@PeckShieldAlert) July 11, 2025
On Wednesday, the attacker exploited a design flaw in GMX v1, a perpetual trading platform on the Arbitrum network. The vulnerability allowed manipulation of GLP token values, enabling the hacker to drain various crypto assets from the platform’s liquidity pool.
After the breach, the GMX team publicly acknowledged the hacker’s technical skill and offered a $5 million bounty for the return of the stolen assets. They categorised this as a white hat reward, allowing the hacker to keep this amount legally once the majority of the funds were returned. The team also warned of legal action if the funds were not returned within 48 hours.
Shortly after accepting the bounty, the hacker posted an onchain message confirming the intention to return the funds. Within an hour, the address identified as “GMX Exploiter 2” started transferring assets back. So far, approximately $9 million in Ether (ETH) and over $10 million in FRAX stablecoins have been returned to GMX-controlled addresses, amounting to nearly half of the stolen value.
Blockchain security firm PeckShield monitored the transactions and verified the ongoing return of assets. The GMX team continues to coordinate with the hacker to ensure the full recovery of the stolen funds.
This incident highlights the risks inherent in DeFi platforms, especially those with complex tokenomics and liquidity mechanisms. GMX’s response, including the bounty offer and public communication, demonstrates a proactive approach to mitigating losses and encouraging ethical behaviour among hackers.
DeFi users are reminded to exercise caution and conduct thorough due diligence when engaging with emerging protocols. The GMX exploit serves as a case study in both vulnerability management and crisis response in decentralized finance.