BusinessPostCorner.com
No Result
View All Result
Sunday, July 19, 2026
  • Home
  • Business
  • Finance
  • Accounting
  • Tax
  • Management
  • Marketing
  • Crypto News
  • Human Resources
BusinessPostCorner.com
  • Home
  • Business
  • Finance
  • Accounting
  • Tax
  • Management
  • Marketing
  • Crypto News
  • Human Resources
No Result
View All Result
BusinessPostCorner.com
No Result
View All Result

GMX Hacker Strikes White-Hat Deal: $42M Heist Turns $3M Profit After $5M Bounty Offer

July 11, 2025
in Crypto News
Reading Time: 4 mins read
A A
0
GMX Hacker Strikes White-Hat Deal: M Heist Turns M Profit After M Bounty Offer
ShareShareShareShareShare

On July 9, decentralized exchange GMX became the latest DeFi protocol to suffer a major exploit, with over $42 million in digital assets reportedly siphoned from its vaults.

According to data from DeBank, the breach involved a suspicious outflow of funds to a single wallet address: 0xdf3340a436c27655ba62f8281565c9925c3a5221.

The stolen funds were then bridged from Arbitrum—a Layer 2 Ethereum scaling network—back to the Ethereum mainnet, a tactic often used by exploiters to hide or launder assets.

In a surprising turn, blockchain analytics platform Lookonchain reported that the attacker agreed to a white-hat deal, opting to return the funds in exchange for a $5 million bounty.

The #GMX hacker chose to return the stolen $42M assets for a $5M white-hat bug bounty.

Currently, $10.49M $FRAX has been returned.

Another $32M assets had been swapped into 11,700 $ETH, which is now worth $35M—netting a ~$3M gain.

Will the hacker return all 11,700… pic.twitter.com/XjBlAK81Mf

— Lookonchain (@lookonchain) July 11, 2025

White-hat deals are occasionally used in DeFi when exploiters are willing to return funds in good faith, often after revealing critical vulnerabilities. This approach seeks to avoid prolonged investigations and reputational damage while recovering assets for affected users.

Partial Returns and a Profitable Arbitrage

According to Lookonchain’s analysis, the hacker has already returned $10.49 million worth of FRAX stablecoins. However, the remaining $32 million was not simply held—it was swapped into 11,700 ETH and is now worth $35 million, resulting in an unexpected $3 million profit due to ETH price appreciation.

The move is sparking debate over whether the attacker will return the full 11,700 ETH or simply send back $32 million and keep the additional gain. As of now, the hacker has yet to confirm their intentions publicly.

The incident is raising questions about how white-hat agreements are enforced and whether attackers can ethically retain profits earned post-exploit. While some see the return of most funds as a net positive, others argue that walking away with millions in profit—even with partial compliance—undermines the very spirit of the white-hat model.

DeFi Security and the Ethics of Exploitation

The incident highlights ongoing security challenges within decentralized finance, particularly in relation to large asset vaults and cross-chain functionality.

As of now, GMX has not confirmed whether a formal white-hat agreement was established prior to the partial return of funds.

The situation remains under observation, with the outcome likely to influence broader discussions around the role of white-hat arrangements and ethical boundaries in DeFi.

GMX Confirms $42M Exploit Rooted in Re-Entrancy Bug

In its lastest post GMX confirms that the $42 million exploit was caused by a re-entrancy vulnerability within its V1 contracts. Although the affected function was protected by a nonReentrant modifier, it only applied within the same contract, allowing the attacker to bypass this safeguard and manipulate the BTC average short price through the Vault contract.

https://t.co/1rfDbjDQ0r

— GMX 🫐 (@GMX_IO) July 10, 2025

By exploiting this loophole, the attacker artificially drove the GLP price up and profited by redeeming inflated GLP tokens after opening a large position using a flash loan.

The vulnerability was tied to how GMX V1 handled pricing calculations across separate contracts, a structure that has been revised in GMX V2, where calculations and executions now occur within the same contract to avoid such risks.

In response, GMX paused trading on Avalanche, engaged with security partners and major infrastructure providers, and initiated direct on-chain communication with the exploiter.

Minting and redemption of GLP on Arbitrum has been temporarily disabled pending the protocol’s transition plan and user reimbursement process.

GMX confirmed that GLP minting on Avalanche is also paused, though redemptions remain active. V1 positions will be wound down and migrated to a reimbursement pool for affected users, and all remaining V1 orders should be cancelled.

GMX has also issued a warning to all V1 forks, urging them to immediately implement fixes and security audits to avoid similar vulnerabilities.

The post GMX Hacker Strikes White-Hat Deal: $42M Heist Turns $3M Profit After $5M Bounty Offer appeared first on Cryptonews.


Credit: Source link

ShareTweetSendPinShare
Previous Post

5 best CRM software for hotels in 2025

Next Post

A space has opened up in British politics

Next Post
A space has opened up in British politics

A space has opened up in British politics

Iran Struck 5 Countries, ADA Dropped to alt=

Iran Struck 5 Countries, ADA Dropped to $0.16: But Kraken Staked $1B

July 13, 2026
Trump reduces size of two national monuments by 90% in efforts to expand land development

Trump reduces size of two national monuments by 90% in efforts to expand land development

July 14, 2026
China hits out at British Steel nationalisation

China hits out at British Steel nationalisation

July 17, 2026
Iran strikes Saudi Arabia for first time in months

Iran strikes Saudi Arabia for first time in months

July 18, 2026
Moonshot’s Kimi K3 pushes Chinese AI into Fable-level territory

Moonshot’s Kimi K3 pushes Chinese AI into Fable-level territory

July 17, 2026
Robinhood Chain vs Base: Gas Subsidy Fuels L2 Surge

Robinhood Chain vs Base: Gas Subsidy Fuels L2 Surge

July 13, 2026
BusinessPostCorner.com

BusinessPostCorner.com is an online news portal that aims to share the latest news about following topics: Accounting, Tax, Business, Finance, Crypto, Management, Human resources and Marketing. Feel free to get in touch with us!

Recent News

Nvidia and Apple get a cut of every baby’s ,000 Trump Account

Nvidia and Apple get a cut of every baby’s $1,000 Trump Account

July 19, 2026
Singapore weighs hedge fund tax cuts to rival Hong Kong

Singapore weighs hedge fund tax cuts to rival Hong Kong

July 19, 2026

Our Newsletter!

Loading
  • Contact Us
  • Privacy Policy
  • Terms of Use
  • DMCA

© 2023 businesspostcorner.com - All Rights Reserved!

No Result
View All Result
  • Home
  • Business
  • Finance
  • Accounting
  • Tax
  • Management
  • Marketing
  • Crypto News
  • Human Resources

© 2023 businesspostcorner.com - All Rights Reserved!