GMX token surges 14% after hacker begins returning funds from $40 million exploit

The exploiter behind the $40 million drain of the decentralized perpetual exchange GMX, which occurred earlier this week, has begun returning the stolen funds after seemingly accepting the project's $5 million white-hat bug bounty offer.The hacker exploited GMX's V1 GLP pool on Arbitrum, stealing over $40 million in various cryptocurrencies, including USDC, FRAX, WBTC, and WETH, prompting GMX to halt V1 trading and minting both on Arbitrum and Avalanche. The breach, which did not affect GMX V2 or its native token, led GMX to offer the attacker a 10% bounty via an onchain message, committing not to pursue legal action if the remaining funds were returned within 48 hours.Responding to GMX in another onchain message on Friday, the exploiter said simply, "ok, funds will be returned later," as noted by blockchain security firm PeckShield on X. Shortly after, one of the exploiter's addresses returned 5.5 million FRAX ($5.5 million) to the GMX Deployer in an initial transaction, followed by another 5 million FRAX ($5 million) transfer, PeckShield flagged.GMX's native token dropped 28% in the aftermath of the attack to a low of $10.45. While it had already begun to recover, the token subsequently surged around 14% on Friday after the hacker agreed to return the funds, according to The Block's GMX price page. GMX is currently trading for $13.25.GMX/USD price chart. Image: The Block/TradingView."Thank you, we greatly appreciate this," GMX later replied onchain. The exploiter subsequently also returned around 9,000 ETH ($27 million), PeckShield noted.GMX hack post-mortemIn a post-mortem on Thursday, the project confirmed GMX V1 on Arbitrum was exploited for around $40 million through a re-entrancy vulnerability in the OrderBook contract, which allowed an attacker to manipulate the average short price of BTC, inflate the GLP liquidity provider token price, and redeem at a profit. The team quickly paused trading, coordinated with partners to track funds, and confirmed GMX V2 was not affected.Going forward, GLP minting and redemption on Arbitrum will be disabled. Remaining funds will be allocated for reimbursement, and affected users will be able to close their positions, it said. The team also issued guidance for GMX V1 forks to mitigate similar risks and plans to hold a DAO discussion on further reimbursement measures. GMX V2 operations remain unaffected."Posting this message in hopes of connecting with the individual responsible for the GMX V1 exploit," GMX added on X. "You've successfully executed the exploit; your abilities in doing so are evident to anyone looking into the exploit transactions. The white-hat bug bounty of $5 million continues to be available" — covered by the project's treasury.GMX allows users to trade BTC, ETH, AVAX, and other cryptocurrencies with up to 100 times leverage. The platform initially launched on Arbitrum One in 2021 and has since amassed $306 billion in total trading volume, with over $265 million in current open interest across nearly 715,000 users, according to its website.Updated with additional fund returns.Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.© 2025 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.