Hacker Returns $10M in GMX Heist But Keeps $3M ETH Profit Amid Bounty Deal

GMX hacker returns $10.49M after exploit, but keeps $3M ETH profit despite white-hat bounty agreement.

Fridah Kangai
July 13, 2025
1:30 pm

Fridah Kangai

Fridah Kangai is a dedicated crypto journalist with a sharp eye for market trends, blockchain innovation, and digital asset movements. She specializes in breaking down complex topics into clear, engaging stories for both seasoned investors and curious newcomers. With a passion for decentralization and a pulse on the ever-evolving crypto space, Fridah delivers timely, accurate, and insightful coverage. Her work bridges the gap between technology and everyday understanding in the world of cryptocurrency.

GMX hacker returns $10M but keeps $3M ETH profit.
White-hat bounty deal sparks partial asset recovery on GMX.
Exploit traced to pricing flaw in GMX’s GLP pool.

According to Lookonchain, the hacker behind the $42 million GMX exploit has begun returning stolen funds. Around $10.49 million in FRAX has already been sent back following a $5 million white-hat bounty offer.

The GMX V1 protocol on Arbitrum was the target of the exploit, which affected its GLP liquidity pool. Some of its deposits that were emptied included FRAX, USDC, DAI, WBTC, and WETH.

On a short-term note, GMX halted all operations related to GLP on Arbitrum and Avalanche to stem the loss. This helped GMX exercise control over the situation prior to tapping increased financing channels.

The #GMX hacker chose to return the stolen $42M assets for a $5M white-hat bug bounty.

Currently, $10.49M $FRAX has been returned.

Another $32M assets had been swapped into 11,700 $ETH, which is now worth $35M—netting a ~$3M gain.

🤔Will the hacker return all 11,700… pic.twitter.com/XjBlAK81Mf
— Lookonchain (@lookonchain) July 11, 2025

Together with the returned FRAX, the attacker exchanged 32 million dollars into 11,700 ETH, which are now worth 35 million dollars—such action guaranteed a profit of $3 million, which is currently under the attacker’s control.

There is no specific clarification on when the rest of the money, as well as the ETH profit, will be returned. Nevertheless, the bounty offer promises no legal action if what has been lost is returned.

According to PeckShield and Cyvers, the vulnerability behind this exploit can be traced to the re-entrancy bug in the GLP pool that used to determine the price. This enabled the flooding attacker to make multiple logins and deplete the assets in the pool, but not cause an alert in the system.

White-Hat Bounty Raises Questions as Hacker Keeps Extra Profit

In the meantime, the 10 percent incentive offered by GMX has motivated some of them to return. Such bounty programs have become common in DeFi to encourage ethical intervention in the face of security cases.

Although the breach in question was quite significant, the crypto market as a whole was stable. The news saw Bitcoin go up by approximately 2 percent and Ethereum go up by a similar 6 percent.

The immediate user response implied that the native token of GMX declared losses of almost 20 percent in the incident. That drop has slowed since then, as updates have been made on the recovery of money in the fund.

The fact that some of the stolen crypto is returned is an indication of a breakthrough. That being said, there is a question mark over the fact that the hacker decided to hold the $3 million in ETH rather than sell it, so one cannot be sure about the overall result.

Also Read: XRPL EVM Sidechain Explodes With 1,400 Smart Contracts in First Week