The GLP pool of $GMX V1 on Arbitrum has experienced an exploit. Approximately $40M in tokens has been transferred from the GLP pool to an unknown wallet.
Security has always been a core priority for $GMX, with the $GMX smart contracts undergoing numerous audits from top security specialists. So, in this hands-on-deck moment, all core contributors are investigating how the manipulation occurred, and what vulnerability may have enabled it.
Our security partners are also deeply involved, to ensure we gain a thorough understanding of the events that occurred and minimise any associated risks as quickly as possible. Our primary focus is on recovery and pinpointing the root cause of the issue.
Actions taken:
Trading on $GMX V1, and the minting and redeeming of GLP, have been disabled on both Arbitrum and Avalanche to prevent any further attack vectors and protect users from additional negative impacts.
Scope of the vulnerability:
Please note that the exploit does not affect $GMX V2, its markets, or liquidity pools, nor the $GMX token itself.
Based on the available information, the vulnerability is limited to $GMX V1 and its GLP pool.
As soon as we have more complete and validated information, a detailed incident report will follow.