TL;DR
- A $5 million white-hat bounty convinced the GMX hacker to return over $38 million in phased tranches, restoring most of the $40 million exploit.
- GMX’s quick response, pausing V1 trading, offering on-chain rewards, and isolating V1 from its intact V2 platform, helped contain the damage.
- Confidence soared as the GMX token jumped 16%, with the protocol planning audits and community governance to bolster future security.
The exploiter behind GMX’s $40 million drain has begun sending assets back, reigniting confidence in the decentralized perpetuals exchange. As on-chain bounty negotiations unfolded, GMX’s native token erupted by 16% in a single session, erasing post-hack losses and drawing cheers from the community. Here’s how a swift white-hat offer and tactical crisis management helped GMX turn a calamity into a spectacular rebound.
Posting this message in hopes of connecting with the individual responsible for the GMX V1 exploit.
You've successfully executed the exploit; your abilities in doing so are evident to anyone looking into the exploit transactions.
The white-hat bug bounty of $5 million continues… https://t.co/KPf2fEtU6t
— GMX 🫐 (@GMX_IO) July 10, 2025
White-Hat Bounty Sparks Unexpected Cooperation
Shortly after the exploit hit the exchange’s V1 GLP liquidity pool on Arbitrum, the protocol paused trading and posted an on-chain message offering a 10% reward for returning 90% of the stolen funds. That $5 million white-hat bounty acted as a powerful incentive. By Friday morning, the attacker replied, “ok, funds will be returned later,” setting into motion one of the most remarkable hacker-to-project collaborations in DeFi history.
Phased Returns Calm Frayed Nerves
The initial tranche came swiftly: 5.5 million FRAX (about $5.5 million) landed back in the protocol’s deployer address, followed by another 5 million FRAX. Moments later, roughly 9,000 ETH, valued at $27 million, flowed home, bringing total restitution to over $38 million. Each successful return ticked off critical milestones, reassuring users that the majority of their funds would be restored without resorting to legal or custodial remedies.
GMX V2 Stands Unscathed Amid Crisis
While the attack crippled GMX V1 operations on both Arbitrum and Avalanche, the newer V2 platform remained untouched. By disabling V1 trading and minting, the exchange swiftly isolated the breach, preserving the integrity of its live perpetual markets. The team’s transparent post-mortem outlined the re-entrancy vulnerability in the OrderBook contract and detailed steps for V1 forks to strengthen security.
Charting the Road to Recovery
With the hacker’s cooperation secured and over 95% of the stolen assets en route, the protocol’s focus shifts to reimbursing affected users and reinforcing its codebase. The exchange’s native token is trading at around $13, surging 16% and reflecting renewed investor faith, but the protocol plans deeper audits and a community-driven governance session to discuss long-term safeguards.
As GMX reopens, redeposits, and resumes normal operations, its crisis playbook may serve as a blueprint for rapid recovery in the broader DeFi landscape.
