The hacker who drained GMX decentralized exchange (DEX) of around $42 million worth of assets has agreed to return the funds in exchange for a 10% bounty. The exploit targeted GMX’s V1 pool on Arbitrum and led to major disruptions.
The move comes after GMX offered a white‑hat bug bounty. The hacker has since returned $10.49 million in FRAX and holds the rest in ETH. Although the surge in ETH price has put funds valuation above the original amount, raising questions about profit.
Lookonchain reports that the hacker agreed to return $42 million in crypto in return for a 10% bounty, receiving around $5 million. Till now, $10.49 million in FRAX has been returned, with roughly $32 million of stolen tokens swapped into 11,700 ETH, now worth about $35 million, netting a gain of $3 million.
GMX had halted trading and GLP minting on Arbitrum and Avalanche after what it described as a re-entrancy attack. The attacker manipulated the OrderBook contract and inflated GLP prices, allowing withdrawal of large funds.
GMX publicly offered the 10% bounty through an on-chain message, assuring the hacker that no legal action would follow if the funds were returned within 48 hours. This prompt move was praised for limiting potential losses. So far, the protocol has received a total of $10.5 million via FRAX transfers.
Whatever remains in ETH is now being held across multiple wallets after conversion. PeckShield has tracked these movements and flagged around 9,000 ETH returns and the rest split for storage or possible mixing.
Following the hackers’ message, GMX’s native token spiked over 14%, which fell nearly 28% after the hack, dipping around $10.45. At the time of writing, GMX token is trading at $13.29–as per CoinMarketCap data.
A full post-mortem confirmed the hack only affected GMX V1 and not its V2 or native token. The breach prompted suspension of V1 features, guidance for forks, and internal review of smart contract vulnerabilities.
Going forward, GMX emphasized that it will route remaining funds to reimburse affected users and hold a DAO discussion on further action. For now, many await to see whether the hacker will surrender all 11,700 ETH or sell some to keep the $3 million profit.
Also Read: Florida AG Investigates Robinhood Over Crypto Trading Claims
