From Heist to Payday: GMX Hacker Walks Away with $5M After $50M Exploit
The hacker behind the $40 million GMX exploit has begun returning the stolen crypto after accepting a $5 million white hat bounty offered by the GMX team.
In Brief
- A hacker who stole $40 million from GMX has started returning the funds after accepting a $5 million white hat bounty.
- So far, about $20 million has been returned in ETH and FRAX tokens following on-chain messages from the hacker.
- GMX offered 10% of the stolen funds as a bounty and warned of legal action if the rest isn’t returned within 48 hours.
Hacker starts returning millions
On Wednesday, GMX v1, a decentralized perpetual trading platform on Arbitrum, was exploited through a design flaw that allowed the attacker to manipulate the value of GLP tokens and drain liquidity. The attacker initially made off with $40 million in various coins.
However, hours later, blockchain security firm PeckShield flagged an on-chain message from the exploiter: “Ok, funds will be returned later.” Shortly after, funds started flowing back to the address specified by GMX.
So far, approximately $20 million has been returned, including $9 million in ETH and over $10 million in FRAX tokens across two separate transfers.
$5M white hat bounty
The GMX team publicly acknowledged the hacker’s technical prowess and offered a $5 million white hat bounty in exchange for the safe return of the assets. The bounty, close to 10% of the stolen funds, came with no strings attached, allowing the hacker to spend it freely and legally, with assistance from GMX to prove its source if needed.
In a message sent on-chain, GMX also warned the attacker that legal proceedings would begin within 48 hours if the funds weren’t returned. The combination of incentives and pressure appears to have worked.
Security and trust
This partial recovery is a win for the GMX protocol and its users, though questions remain around the exploit’s root cause and whether more funds will be returned. Still, the use of a white hat bounty, rather than law enforcement alone, shows a growing trend in decentralized security negotiations.
As DeFi platforms grow in size and complexity, bounties and on-chain diplomacy may play an increasingly important role in managing risk and limiting damage.
I've been passionate about crypto for nearly a decade, ever since I was young and first became curious about investing. That early spark led me to years of research, writing, and exploring the future of decentralized tech.
The views, thoughts, and opinions expressed in this article belong solely to the author, and should not be taken as investment advice. Do your own research before taking any investment decisions.