 
 
- At the time of writing, the total amount returned to GMX stood at approximately $20 million.
- GMX acknowledged the technical sophistication of the exploit and issued a $5 million bounty for the return of funds.
- The attacker reportedly manipulated the price of GLP tokens, draining a variety of crypto assets from the platform.

The attacker who exploited a vulnerability in the GMX v1 decentralised exchange and stole approximately $40 million in crypto has begun returning the stolen assets after accepting a bounty offered by the GMX team.
According to blockchain security firm PeckShield, the hacker sent an on-chain message acknowledging the bounty and indicating willingness to cooperate.
“Ok, funds will be returned later,” the exploiter wrote in a blockchain transaction, referencing the terms outlined by GMX for a partial return of the stolen funds.
The hacker starts transferring funds back
Less than an hour after the message was broadcast, the attacker began transferring funds back to the address specified by GMX.
PeckShield reported that about $9 million in Ether (ETH) was sent to the team.
The Ethereum address used in the transaction has been labelled GMX Exploiter 2 on blockchain tracking platforms.
PeckShield also flagged two separate transfers of FRAX stablecoins, with the attacker returning $5.5 million in one transaction and an additional $5 million later.
At the time of writing, the total amount returned to GMX stood at approximately $20 million, representing half of the stolen assets.
The original exploit, which occurred on Wednesday, targeted a liquidity pool on GMX v1, a perpetual trading protocol deployed on the Arbitrum Layer 2 network.
The attacker reportedly manipulated the price of GLP tokens, draining a variety of crypto assets from the platform by exploiting a design flaw in the protocol.
GMX offered $5 million white hat bounty
In response to the breach, GMX acknowledged the technical sophistication of the exploit and issued a $5 million bounty for the return of funds.
In a post on X (formerly Twitter), the GMX team addressed the hacker directly, offering the bounty under a “white hat” classification, which would allow the attacker to spend the funds legally if the bulk of the assets were returned.
“You’ve successfully executed the exploit; your abilities in doing so are evident to anyone looking into the exploit transactions,” GMX wrote. “The white hat bug bounty of $5 million continues to be available.”
The team emphasized that the bounty was intended to eliminate legal and practical risks associated with using stolen crypto.
GMX also offered to provide proof of the source of funds if needed, enabling the exploiter to pass compliance checks or audits.
In addition to the public bounty, the GMX team issued an on-chain ultimatum, stating that legal action would be pursued within 48 hours if the funds were not returned.














