Decentralized exchange GMX suffered a price manipulation on the AVAX/USD pair, resulting in losses of $565,000.
AVAX/USD Pair Exploited
As per a tweet on Sunday by security firm PeckShield, the exchange was attacked by a price manipulation exploit worth around $565,000 on the AVAX/USD pair.
The tweet, which has since been deleted, read,
“Seems like $GMX on Avalanche was exploited, resulting in $565k profit. Be Alert.”
The decentralized crypto exchange GMX is powered by Arbitrum and Avalanche platforms and offers spot trading and perpetual contracts, allowing traders to leverage upto 30 times the margin on futures trades. The GMX DEX has over $342 million locked up on the layer-2 ETH solution, Arbitrum, and $67 million locked on the Avalanche blockchain.
Reducing OI Availability On $AVAX Trading
Soon after the news of the exploit broke, the decentralized exchange (DEX) capped AVAX long perpetual futures at $2 million and AVAX short perpetual futures at $1 million.
The GMX team tweeted,
“We were notified of price manipulation of AVAX/USD on reference exchanges by monitoring systems and community members. While we review the occurrence, open-interest for AVAX has been capped at $2m long / $1m short. GLP and GMX trading markets continue to operate normally.”
However, the announcement has still not answered all the concerns as certain users are worried that since the price manipulation can happen offsite, using a price oracle will only ensure post-fact mitigation.
GMX Was Warned Of Vulnerabilities
The DEX was previously warned of potential price manipulation by Zig-Zag’s founder, who goes by the Twitter handle @derpaderpederp. On September 3, they tweeted that anyone with an intimate knowledge of GMX could manipulate the price of ETH or AVAX. Attackers could buy $50 million of AVAX on GMX, then move on to buy $40 million of AVAX on centralized exchanges like Binance or Coinbase at an elevated buy price. Then they could close their long position on GMX and sell back the $40 million worth of AVAX to the centralized exchange at a discount, earning a sizeable profit in the process. On top of that, the entire process could be repeated multiple times, which could drain the GLP token (liquidity provider of GMX).
Avalanche-Based Flash Loan Exploit
This exploit on the Avalanche-based DEX is reminiscent of a recent attack on the Avalanche-based DeFi platform Nereus Finance. The attackers, in that case, leveraged a $51 million flash loan from Aave to manipulate the AVAX/USDC Trader Joe LP pool price and siphoned off $371,000.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
Source: https://cryptodaily.co.uk/2022/09/gmx-exchange-loses-565-k-in-avax-exploit