Hackers steal $ 42 million in digital assets from GMX cryptocurrency exchange

This week, the decentralized exchange GMX fell victim to an attack on Arbitrum’s network — the attackers managed to steal crypto assets worth about $ 42 million. The reason for this was an exploit in the GMX v1 protocol: the attacker took advantage of a flaw in the smart contract logic, manipulating the global price of shorts and the value of the GLP token through a function callback (reentrancy attack) and system features for short positions.

After the incident, the GMX team stopped GLP issuance on Arbitrum and Avalanche to prevent further losses. The exchange announced a 10% reward for white hackers who would help recover the stolen funds.

This event raised security concerns not only for GMX but for the entire DeFi ecosystem. The community has intensified discussions about the need for deeper audits and stricter security standards for decentralized platforms, as similar exploits have previously caused large losses in the industry.

«The fundamental reason for the theft of $ 42 million from GMX last night is that GMX v1 immediately updates the global average price of short positions when processing short positions, and this global average price directly affects the calculation of total assets under management, which in turn leads to manipulation of GLP token prices. The attacker took advantage of this design flaw… DeFi is indeed a very risky business,» — said Yu Xian, CEO of SlowMist