⛑️FN Hotspot Express丨$42.00 million stolen from GMX. How should DeFi security be guaranteed?

On the evening of July 9th, another large theft occurred on the chain. $42.00 million was stolen from @GMX_IO. Here is a summary of the latest progress and reasons so far:

Attack Process and Fund Flow

Security companies @peckshield and SlowMist @SlowMist_Team analysis shows that the attacker exploited a flaw in $GMX V1's AUM processing logic. This flaw caused the contract to update the global average price immediately after opening a short position. The attacker used this to construct a targeted operation path to manipulate the token price and arbitrage redemption.

The attacker transferred approximately $9.65 million in assets from Arbitrum to Ethereum, and then exchanged them for $DAI and ETH. Some of the funds flowed into the mixing protocol Tornado Cash. The remaining approximately $32.00 million in assets are still in the Arbitrum network, involving tokens such as FRAX, $wBTC, $DAI, etc.

After the incident, $GMX made an on-chain call to the hacker's address, requesting the return of 90% of the funds and offering a 10% white hat bounty. According to the latest on-chain data, the $GMX hacker has converted the assets stolen from the $GMX V1 pool into ETH.

The assets stolen by the hacker include WBTC/WETH/UNI/FRAX/LINK/USDC/USDT. Currently, all assets except FRAX have been sold and converted into 11,700 $ETH (approximately $32.33 million), which have been分散 deposited into 4 wallets. Therefore, the $GMX hacker now holds 11,700 $ETH (approximately $32.33 million) and 10.495 million FRAX through 5 wallets, with a total value of approximately $42.80 million.

Ember Research analysis suggests that the hacker's actions likely indicate a rejection of the $GMX project team's proposal to return the assets in exchange for a 10% white hat bounty.

More attack details can be found at:
https://t.co/JEX9pE2mKA