Crypto Exploit Leaves Hacker Swimming in 11,700 ETH—and GMX in a Panic

On July 9, GMX—a decentralized trading platform where people with too much money and too little trust issues place bets—got a serious unwanted makeover courtesy of a hacker with impressive keyboard skills. The hacker helped themselves to a buffet of $42 million in various cryptocurrencies. Weekend plans: ruined. But hey, at least it wasn’t my Venmo.

Since then, like an overexcited squirrel hoarding digital acorns, our mystery hacker swapped most of the loot for 11,700 ETH. You know, just in case they need to buy an island or, more realistically, a lot of really nice cat NFTs. Because priorities. 🐱‍💻

The GMX Mess—er, Hack

This all went down on a Wednesday (because if you’re going to throw the financial world into chaos, why not do it in the middle of the week?). The hacker nabbed over $10 million of old-school Frax Dollar (FRAX), $9.6 million in wrapped Bitcoin (wBTC), and about $5 million in DAI—because why settle for one boring digital coin when you can build yourself a full gluten-free, blockchain-approved buffet?

Immediately after, $9.6 million crossed the blockchain border into Ethereum territory and morphed into DAI and ETH, while a cool $32 million just chilled on Arbitrum, probably waiting for the next season of “Crypto Survivors.”

GMX confirmed the hack by posting on X (formerly Twitter, forever an identity crisis):

“The GLP pool of GMX V1 on Arbitrum has experienced an exploit. Approximately $40M in tokens has been transferred from the GLP pool to an unknown wallet.”

For anyone keeping score: the villain swapped almost all the digital loot for 11,700 ETH (thank you, Lookonchain, for the blockchain snooping). The only thing left out of the hacker’s cart? FRAX. Is it emotional baggage? Unclear. Anyway, the ETH quickly disappeared into four brand-spanking-new wallets. 👀

In a move straight out of “White Collars and Olive Branches,” GMX offered a $4.2 million white-hat bounty and even said they’d call off the blockchain detectives if the hacker returned most of the cash within 48 hours. Not to spoil the end of the movie: the hacker hasn’t called them back.

Re-Entrancy Bug: When Bad Code Happens to Good Platforms

No full autopsy report yet, but word on the digital street is the hack went down thanks to a design quirk in GMX V1. SlowMist (the cyber equivalent of the Scooby Gang) said the attacker manipulated the token price using a re-entrancy exploit—a sort of “infinity mirror” approach to siphoning funds while the smart contract thinks everything is fine. “It’s not a bug, it’s a feature!”—said no one at GMX this week.

The hacker opened huge short positions in just one go, twisted the global price, and walked away richer for the effort. It’s basically the crypto version of convincing your sibling Mom said you get ALL the Halloween candy.

And if you think this kind of thing is rare, please take a seat. Hacks like these are the bread and butter of crypto drama; CertiK’s report says over $801.3 million vanished across 144 incidents in Q2 2025. Phishing is still in first place for “most likely to ruin your coffee break,” but code vulnerabilities are catching up fast. Maybe don’t keep all your eggs—or coins—in one (digital) basket. 🧺🚫

Read More

2025-07-11 01:35