The decentralized perpetuals exchange $GMX suffered a $42 million exploit Wednesday morning.
While a post-mortem of the attack has yet to occur, the hacker appears to have drained funds out of $GMX's GLP liquidity pool. They then transferred funds from USDC to ETH and then to the stablecoin DAI, while also stealing millions worth of FRAX, wrapped bitcoin, wrapped ETH, and other cryptocurrencies, onchain data shows.
The blockchain security and analytics firm PeckShieldAlert shared on X what appears to be a developer message to the hacker, which acknowledged the $GMX V1 exploit and offered a 10% white-hat bounty for the return of funds. $GMX also stated it will not pursue further legal action if the remaining funds are returned within 48 hours.
A wallet linked to the hacker appears to hold nearly $44 million in assets, according to data from Arkham Intel.
$GMX allows users to trade bitcoin, ether, avalanche, and other cryptocurrencies with up to 100-times leverage. The platform initially launched on Arbitrum One in 2021, and has since amassed $305.5 billion in total volume and over $229 million in open interest across 714,348 users, according to the platform's website.
This story is developing.