CoinRSS: Bitcoin, Ethereum, Crypto News and Price Data

  • CONTACT
  • MARKETCAP
  • BLOG
CoinRSS: Bitcoin, Ethereum, Crypto News and Price Data
  • BOOKMARKS
  • Blockchain
  • Crypto
    • Bitcoin
    • Ethereum
    • Forex
    • Tether
  • Market
    • Binance
    • Business
    • Investor
    • Money
    • Trading
  • News
    • Coinbase
    • Mining
    • NFT
    • Stocks
Reading: Crypto Exchange GMX Drained of Bitcoin, Ethereum in $40 Million Exploit
Share
You have not selected any currencies to display
CoinRSS: Bitcoin, Ethereum, Crypto News and Price DataCoinRSS: Bitcoin, Ethereum, Crypto News and Price Data
0
Font ResizerAa
  • Blockchain
  • Crypto
  • Market
  • News
Search
  • Blockchain
  • Crypto
    • Bitcoin
    • Ethereum
    • Forex
    • Tether
  • Market
    • Binance
    • Business
    • Investor
    • Money
    • Trading
  • News
    • Coinbase
    • Mining
    • NFT
    • Stocks
Have an existing account? Sign In
Follow US
© Foxiz News Network. Ruby Design Company. All Rights Reserved.
CoinRSS: Bitcoin, Ethereum, Crypto News and Price Data > Blog > News > Crypto Exchange GMX Drained of Bitcoin, Ethereum in $40 Million Exploit
News

Crypto Exchange GMX Drained of Bitcoin, Ethereum in $40 Million Exploit

CoinRSS
Last updated: July 10, 2025 9:05 am
CoinRSS Published July 10, 2025
Share

Contents
In briefDaily Debrief Newsletter

In brief

  • GMX said that an initial version of the decentralized exchange was exploited.
  • Around $40 million worth of assets were lost, possibly due to a re-entrancy attack.
  • The project offered the attacker a “10% white-hat bounty,” if funds were returned within 48 hours.

GMX, a cross-chain decentralized exchange specializing in perpetual futures trading, warned on Wednesday that an initial version of its platform was exploited.

Roughly $40 million worth of tokens were siphoned from GMX V1, which debuted on the Ethereum layer-2 scaling network Arbitrum in 2021, to an unknown wallet, GMX said on X. In response, GMX V1 trading was disabled, alongside the minting and redeeming of GMX’s GLP token on Arbitrum and the layer-1 network Avalanche, GMX said.

GMX was recently changing hands around $11.19, a nearly 21% drop over the past day, according to crypto data provider CoinGecko. GMX’s GLP token is designed to allow purchasers to earn fees in Ethereum or Avalanche from users’ activity on the exchange by effectively providing liquidity.

Investors can swap assets like Bitcoin and Ethereum for GLP tokens through GMX’s website, and those funds are then pooled together. In theory, GLP holders are able to sell the token back to GMX for assets in the liquidity pool—but most of those funds went missing on Wednesday.

That included around $10 million worth of Bitcoin, $10 million worth of Circle’s USDC stablecoin, $8.5 million worth of Ethereum, around $1 million worth of Tether’s USDT stablecoin, as well as substantial amounts of the Uniswap and Chainlink tokens, according to a dashboard on GMX’s website.

As the amount of money in the GLP liquidity pool plummeted on Wednesday, the supply of GLP tokens increased. Suhail Kakar, who leads developer relations for TAC, wrote on X that the exploit appears to be a “re-entrancy” attack that abused the logic behind minting GLP tokens.

“The attacker could trick the contract into thinking they hadn’t withdrawn anything—and mint more tokens repeatedly, using the same base funds,” Kakar explained. “This wasn’t a smash-and-grab. It was a long-planned, precision hit.”

Our initial analysis of today’s GLP exploit, conducted in collaboration with our security partners and lead auditor, still confirms that the attack vector is specific to GMX V1. The manipulation involved relates to the calculation of the short average price on V1, and the same…

— GMX 🫐 (@GMX_IO) July 9, 2025

Kakar, along with the blockchain security and data analytics firm PeckShield, noted that the attacker’s wallet was funded days before via Tornado Cash, the Ethereum coin mixer that the U.S. government previously sanctioned for its alleged use in money laundering.

GMX advised users on X to disable leverage trading and GLP minting. PeckShield said the vulnerability likely applies to forked versions of GMX, urging them to take caution as well.

Re-entrancy vulnerabilities allow an attacker to cram multiple calls—or interactions with a smart contract, which holds the code that powers decentralized apps—into a single function, tricking a smart contract into calculating an improper balance. One of the most prominent examples was the $55 million 2016 DAO hack on Ethereum.

Wednesday’s exploit is distinct from Bybit’s $1.4 billion loss in February, in which a developer’s workstation was compromised, ultimately leading to the largest crypto hack of all time.

Within GMX’s official Telegram channel, some users wondered whether GLP token investors would be refunded. On X, GMX said it plans on posting a detailed postmortem once the project’s investigation is complete. 

In a message sent to the attacker on-chain, GMX offered a “10% white-hat bounty,” equating to $4 million. Urging a “swift and ethical resolution,” the project said it would pursue no further legal action if the “funds are returned within 48 hours.”

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.

Source link

You Might Also Like

Bitcoin mining difficulty eases from all-time high – Here’s why miners aren’t backing down

Why is crypto crashing today? ‘You have absolutely no idea what you own’

Ethereum Foundation Launches ‘Trillion Dollar Security Initiative’ to Fortify Network

Polkadot breaks above THIS major pattern – Will DOT finally rally to $10?

Bitcoin faces sell pressure: Will THESE demand levels prevent a freefall?

Sign Up For Daily Newsletter

Be keep up! Get the latest breaking news delivered straight to your inbox.
By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Share This Article
Facebook Twitter Email Copy Link Print
Previous Article Trump Ally Compares Crypto Industry Writing Its Own Rules to Spilled ‘Urine Sample’
Next Article Pump.Fun’s token sale set for July 12 – $600M target & more…
Leave a Comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recipe Rating




Follow US

Find US on Socials
FacebookLike
TwitterFollow
YoutubeSubscribe
TelegramFollow
Subscribe to our newslettern

Get Newest Articles Instantly!

- Advertisement -
Ad image
Popular News
$40M in HYPE unstaked – Will this fuel Hyperliquid’s Q3 rally?
BTC Price will Hit $100K before Bitcoin Sweeps $30K Lows
Crypto Bahamas: Regulations Enter Critical Stage as Gov’t Shows Interest

Follow Us on Socials

We use social media to react to breaking news, update supporters and share information

Twitter Youtube Telegram Linkedin
CoinRSS: Bitcoin, Ethereum, Crypto News and Price Data coin-rss-logo

We influence 20 million users and is the number one business blockchain and crypto news network on the planet.

Subscribe to our newsletter

You can be the first to find out the latest news and tips about trading, markets...

Ad imageAd image
© CoinRSS: Bitcoin, Ethereum, Crypto News and Price Data. All Rights Reserved.
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?