The attacker who exploited the GMX V1 decentralized exchange (DEX) has started returning stolen funds after sending an on-chain message promising to give them back.
In an on-chain message flagged by blockchain security company PeckShield, the hacker wrote that the funds will be returned. “OK, the funds will be returned later,” the exploiter wrote in the on-chain message, accepting the bounty offered by the GMX team.
Hacker begins returning stolen funds
Almost an hour later, the hacker began returning funds stolen in the attack. At the time of writing, the address labeled GMX Exploiter 2 had returned approximately $9 million in Ether (ETH) to the Ethereum address specified by the GMX team in an on-chain message.
PeckShield flagged the attacker returning about $5.5 million in FRAX tokens to the GMX team. A while later, the hacker returned an additional $5 million in FRAX tokens to the GMX address.
At the time of writing, approximately $20 million in assets had been returned to GMX.
Wednesday’s exploit targeted the liquidity pool of GMX V1, the first iteration of the perpetual trading platform, deployed on Arbitrum.
The attacker drained various crypto assets from the platform after exploiting design flaws to manipulate the value of GLP tokens.
GMX offered the attacker a $5 million bounty
In an X post, the GMX team acknowledged the hacker’s abilities and offered a $5 million bounty for the return of the funds stolen during the attack.
The team promised that the amount would be classified as a white-hat bounty that could be freely spent as soon as the funds are returned.
“You’ve done the exploit well, and your ability to do so is clear to those considering trading exploits,” writes GMX. “The $5 million White Hat Bug Bonus will remain available.”
The GMX team said this would help the hacker remove the risks associated with spending stolen funds. The team even offered to provide evidence of funding if the hacker requested it.
In an on-chain message, the GMX team also told the hacker that if the funds were not returned, it would pursue legal action in 48 hours.
In the message, the team said that the hacker can keep 10% of the stolen funds as a white-hat reward as long as 90% of the funds are returned to the specified address.
