In an unexpected turn, the hacker behind the $40 million exploit of GMX’s Arbitrum-based trading pool has started handing back the stolen crypto—beginning with a $10.5 million return in FRAX and later transferring 9,000 ETH (worth $27 million).
The move follows GMX’s public offer of a $5 million white-hat bounty and a promise of no legal action if the funds were returned swiftly.
The attack earlier this week targeted GMX’s V1 GLP pool, exploiting a re-entrancy flaw in the OrderBook contract to manipulate BTC short pricing and extract massive gains. As a result, GMX froze all V1 activity on Arbitrum and Avalanche while confirming that V2 operations and the GMX token remained untouched.
Blockchain security firm PeckShield flagged the return transactions shortly after the hacker responded onchain with a simple: “ok, funds will be returned later.” GMX publicly acknowledged the gesture with appreciation.
The exploit initially sent the GMX token plummeting 28% to $10.45, but it bounced back sharply—rallying over 14% to around $13.25—as confidence began to rebuild on news of the returned assets.
A post-mortem confirmed the nature of the bug, and GMX has since deactivated GLP minting on Arbitrum permanently. Reimbursement plans are in the works, with DAO discussions planned to finalize user compensation strategies.
GMX, which offers high-leverage crypto trading and has processed over $300 billion in volume, says this incident will shape how it approaches contract security moving forward—especially for those replicating V1’s architecture.
Alexander Zdravkov
Reporter at Coindoo
Alexander Zdravkov is a person who always looks for the logic behind things. He is fluent in German and has more than 3 years of experience in the crypto space, where he skillfully identifies new trends in the world of digital currencies. Whether providing in-depth analysis or daily reports on all topics, his deep understanding and enthusiasm for what he does make him a valuable member of the team.
Source: https://coindoo.com/gmx-recovers-millions-as-exploiter-responds-to-5m-bounty/