Close Menu

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Samson Mow claims Peter Todd was ‘paid’ for OP_RETURN PR

    July 10, 2025

    YZi Labs bets on Aspecta to crack the code on trillion-dollar Illiquid asset puzzle

    July 10, 2025

    The Future of Ecosystem Development at the EF

    July 10, 2025
    Facebook X (Twitter) Instagram
    Thursday, July 10
    • About
    • Contact us
    • Privacy Policy
    Facebook X (Twitter) LinkedIn YouTube
    Blockchain Echo
    Banner
    • Lithosphere News Releases
    • Bitcoin
    • Crypto
    • Ethereum
    • Litecoin
    • Altcoins
    • Blockchain
    Blockchain Echo
    Home » Crypto hackers lift $42m from GMX’s Arbitrum liquidity pool in broad daylight
    Crypto

    Crypto hackers lift $42m from GMX’s Arbitrum liquidity pool in broad daylight

    John SmithBy John SmithJuly 10, 2025No Comments3 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr Email
    Share
    Facebook Twitter LinkedIn Pinterest Email



    Despite layers of scrutiny, GMX’s V1 GLP pool was hacked for over $40 million in a brazen exploit. With leverage functions now frozen, traders are left wondering: How did audited contracts crack? And what does this mean for DeFi’s perpetual trading future?

    On July 9, on-chain perpetual and spot exchange GMX confirmed that its V1 GLP pool on Arbitrum had been exploited, with over $40 million worth of assorted tokens siphoned into an unknown wallet in a single transaction.

    The attack, which appears to have manipulated the GLP vault mechanism, forced the protocol to halt trading and pause the minting and redeeming of GLP on both Arbitrum and Avalanche. GMX clarified that the breach was isolated to V1 and did not impact GMX V2, its token, or other associated markets.

    While the GMX team has yet to disclose the exact exploit vector, the incident exposes the fragility of even audited smart contracts and raises urgent questions about the sustainability of decentralized leverage markets, where GMX has long been a dominant player.

    How audits failed to stop the $40 million GMX exploit

    The attacker’s path to draining $40 million from GMX’s V1 GLP pool was alarmingly straightforward yet devastatingly effective. According to blockchain analysts, the exploit involved manipulating the protocol’s leverage mechanism to mint excessive GLP tokens without proper collateral.

    Once the attacker artificially inflated their position, they redeemed the fraudulently minted GLP for underlying assets, leaving the pool short of over $40 million in a matter of blocks.

    The funds didn’t remain idle for long. According to Cyvers and Lookonchain, the attacker used a malicious contract funded through Tornado Cash to obscure the origin of the exploit. Roughly $9.6 million of the estimated $42 million haul was bridged from Arbitrum to Ethereum using Circle’s Cross-Chain Transfer Protocol, with portions swiftly converted to DAI.

    Assets drained included ETH, USDC, fsGLP, DAI, UNI, FRAX, USDT, WETH, and LINK, making this a multi-asset strike spanning both native and synthetic tokens.

    Before the hack, GMX’s V1 contracts were reviewed by top auditing firms. Quantstamp’s pre-deployment audit assessed core risks like reentrancy and access controls, while ABDK Consulting conducted additional stress tests. Yet neither audit flagged the specific leverage manipulation vector that enabled this exploit.

    The oversight highlights a recurring blind spot in DeFi security: audits tend to focus on general vulnerabilities but often miss protocol-specific logic flaws. Ironically, GMX had proactive safeguards in place, including a $5 million bug bounty program and active monitoring by firms such as Guardian Audits.

    This exploit doesn’t just undermine GMX, it casts doubt on the audit-driven security paradigm as a whole. If a protocol as mature and battle-tested as GMX can lose $40 million to a logic flaw, the implications for less scrutinized projects are deeply concerning.

    Meanwhile, GMX’s on-chain appeal to the hacker, offering a 10% bounty for the return of funds, underscores DeFi’s harsh reality: recovery efforts often rely on negotiating with attackers.



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleA new chapter in the infinite garden
    Next Article EXCLUSIVE: Ex-SafeMoon CTO admits rug pull, details insider exemptions
    John Smith

    Related Posts

    YZi Labs bets on Aspecta to crack the code on trillion-dollar Illiquid asset puzzle

    July 10, 2025

    Unlock DOGE, ETH, XRP cloud mining: Earn daily with HASHJ

    July 10, 2025

    XRP price recovers to $2.42: WinnerMining participants’ daily earnings rise

    July 10, 2025
    Leave A Reply Cancel Reply

    Top Posts

    🐍 Lunar New Year Scratch & Win Campaign Is Live with a Grand Prize of 8,888,888 VERSE (~$1800) | by Bitcoin.com | Jan, 2025

    January 24, 2025

    Trade VERSE/USDT on KuCoin to Earn your Share of $8400 in Rewards! | by Bitcoin.com | Jan, 2025

    January 24, 2025

    Boost Your Crypto: Up to 30% Cash Back! | by Bitcoin.com | Jan, 2025

    January 24, 2025
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Latest Reviews

    Subscribe to Updates

    Get the latest tech news from FooBar about tech, design and biz.

    About Us

    Stay updated on the world of cryptocurrency
    Your one-stop source for daily crypto news and insights
    Blockchainecho.info: Your trusted daily crypto companion

    Most Popular

    🐍 Lunar New Year Scratch & Win Campaign Is Live with a Grand Prize of 8,888,888 VERSE (~$1800) | by Bitcoin.com | Jan, 2025

    January 24, 2025

    Trade VERSE/USDT on KuCoin to Earn your Share of $8400 in Rewards! | by Bitcoin.com | Jan, 2025

    January 24, 2025

    Boost Your Crypto: Up to 30% Cash Back! | by Bitcoin.com | Jan, 2025

    January 24, 2025
    Copyright © 2025
    • Home
    • Buy Now

    Type above and press Enter to search. Press Esc to cancel.