In a stark reminder of DeFi’s persistent security gaps, on-chain perpetual and spot trading platform GMX has fallen victim to a major exploit draining over $40 million from its V1 GLP pool.
The attack, confirmed by GMX on July 9, targeted its Arbitrum-based pool and siphoned funds in a single swift transaction to an unknown wallet. The exploit forced GMX to immediately halt trading activities and suspend the minting and redeeming of GLP tokens on both Arbitrum and Avalanche networks.
URGENT: for all GMX V1 forks, GMX V1 has been exploited.
The issue could potentially be mitigated by doing the below:
1. Disable leverage: this can be done by setting Vault.setIsLeverageEnabled(false) or, if Vault Timelock is used, by setting… https://t.co/BbcUSaXyq9
— GMX 🫐 (@GMX_IO) July 9, 2025
Early blockchain analyses indicate that the attacker manipulated GMX’s leverage mechanism to mint excessive GLP tokens without providing adequate collateral. By inflating their position artificially, they were able to redeem these tokens for the pool’s underlying assets, effectively stripping it of liquidity within blocks.
In total, assets stolen included ETH, USDC, fsGLP, DAI, UNI, FRAX, USDT, WETH, and LINK, highlighting the multi-asset impact of this exploit. Reports from Cyvers and Lookonchain revealed that the hacker used Tornado Cash to fund a malicious contract, bridging approximately $9.6 million to Ethereum via Circle’s Cross-Chain Transfer Protocol before converting part of it to DAI to obscure the trail.
What further rattled the DeFi community was the fact that GMX’s V1 contracts had been thoroughly audited by renowned firms before deployment. Quantstamp’s audit examined standard threats like reentrancy, while ABDK Consulting ran additional stress tests. However, neither identified the specific leverage manipulation vulnerability exploited in this case.
While GMX assured users that its V2 contracts and token remain unaffected, the attack raises unsettling questions about the sustainability of decentralized leverage platforms.
In the aftermath, GMX has issued an on-chain appeal to the attacker, offering a 10% bounty for the safe return of the stolen funds. It is a sobering reflection of DeFi’s reality, where recovery often hinges on the ethics or negotiation leverage of those behind such hacks.
A recent report from blockchain intelligence firm TRM Labs revealed that more than $2.1 billion worth of cryptocurrency was stolen in the first half of 2025, driven largely by private key exploits and front-end compromises.