Hacker returned GMX stolen $40 million

The hacker returned almost all the funds stolen from the GMX protocol. He agreed to a reward of $5 million offered by the project team.

#PeckShieldAlert #GMX Exploiter msg: funds will be returned later pic.twitter.com/ohlOVYWSvD

— PeckShieldAlert (@PeckShieldAlert) July 11, 2025

An unknown individual withdrew assets from the GLP coin pool on GMX V1 in the Arbitrum network. The hack affected USDC, FRAX, wBTC, and wETH.

The GMX team sent an on-chain message to the Hacker. They offered him 10% of the amount as a reward and promised not to pursue legal action if he returns the remaining 90% within 48 hours.

Hacker replied:

"Ok, the funds will be returned later".

Shortly after that, he sent two tranches of 5.5 million FRAX and 5 million FRAX to the GMX address. Later, the Hacker returned about 9000 ETH (~$27 million).

After the incident, the native token GMX fell by 28% to $10.45. Following the news of the refund, the price rose by 15.8%. At the time of writing, the asset is trading at $13.3.

In the hack report, the team confirmed that V1 on Arbitrum was affected by a reentrancy vulnerability in the OrderBook contract. This allowed the hacker to manipulate the price of Bitcoin and withdraw liquidity with profit.

The developers emphasized that the second version of the protocol is unaffected. In the future, minting and redemption of GLP on the Arbitrum network will be disabled. The remaining funds will be directed towards compensating users for their losses.

Recall that in June, the Resupply stablecoin protocol lost about $9.5 million as a result of a hack. The Hacker exploited a vulnerability in the exchange rate calculation system.