Good day everyone,

I hope you are all having a good day, welcome to CryptoGod-1's blog on all things crypto. In this post I will be looking at the exploit on GMX Exchange which saw over $40 million stolen.

GMX Exchange Hack

Trading was stopped on the GMX V1 protocol following an exploit to a liquidity pool on Wednesday. GMX acted quickly to stop trading but over $40 million in funds were stolen and sent to an unknown wallet while also being transferred from Arbitrum to Ethereum. GMX V1 is the first version of the GMX perpetual exchange deployed on the Arbitrum network and the liquidity pool which was attacked worked as a provider for the GMX protocol with a basket of underlying digital assets, including Bitcoin and stablecoins. The exploit saw over $40 million being transferred from GMX Vault-related contracts to a single wallet address: 0xdf3340a436c27655ba62f8281565c9925c3a5221.

https://x.com/GMX_IO/status/1942955807756165574

There was also a temporary suspension in minting and redemption of GLP tokens on both Arbitrum and the layer-1 Avalanche network. This was done to both protect against any additional fallout following the security exploit. Users were also told they should disable leverage and change their settings to disable GLP minting. The team stated:

“The exploit does not affect GMX V2, its markets, or liquidity pools, nor the GMX token itself. Based on the available information, the vulnerability is limited to GMX V1 and its GLP pool.”

A number of blockchain security firms got involved and had their say on the hack. SlowMist noted that the exploit came down to a design flaw which allowed hackers to manipulate the GLP token price through the calculation of the total assets under management. PeckShield meanwhile noted that over $42 million worth of crypto was stolen and around $9.6 million worth of the funds were bridged over to the Ethereum blockchain. Many hacks see funds transferred to Ethereum as a natural route to launder funds through token mixing protocol Tornado Cash. The remaining £32 million remains on Abritrum.

https://twitter.com/peckshield/status/1942947860645134450

The hacker went on to convert the Ethereum funds into DAI and ETH. The anomalous wallet gained 800%+ in value and contained a wide range of stolen assets, such as $187K in Bridged USDC, $9.75 million in USDC, $1.34 million in DAI and various USD stablecoins, and $10.44 million in Frax Dollar (Legacy). There were also major coins like $533K in UNI, $335K in LINK, $8.51 million in WETH, and $9.63 million in WBTC within the wallet.

GMX developers responded to the hacker, signing a message on-chain that read:

"We want to offer a 10% white-hat bounty for the return of the exploited funds."

The developers also confirmed that the exploit had no impact on GMX V2, the GMX token, or other liquidity pools. They also noted that their smart contracts have undergone numerous audits and that security is of the utmost importance. The team will now work closely with security experts to find out how the hack happened, recover the stolen funds if possible, and prevent any further risks. GMX has promised to share more details once the findings are validated, most likely within a security report. The exploit saw the price of GMX fall by more than 10%.

Have a great day.

Peace. CryptoGod-1.

Referral Links and Follow Me:

Linktree