On July 9, when the news of a $40 million GMX hacker attack broke, the market reacted swiftly and brutally. The native token of this decentralized derivatives trading platform, GMX, plummeted 28% within a few hours, falling straight from $14.54 to an annual low of $10.45.
Panic spread as investors rushed to sell. Just two days later, however, an astonishing reversal occurred. News broke that the attacker agreed to return the funds, and the price of GMX Token immediately rebounded strongly, with a single-day increase of over 10%, reaching a high of 13.59 dollars.
This fluctuation reveals not only the extreme sensitivity of the cryptocurrency market to security events but also demonstrates the market’s rapid recovery ability in restoring confidence after a crisis is properly managed.
Crisis Erupts, $40 Million Vulnerability Attack Shocks the Market
On July 9, a tweet from GMX official dropped a bombshell in the crypto community: the GLP liquidity pool of GMX V1 version on Arbitrum suffered a vulnerability attack, with approximately $40 million in funds disappearing.
The stolen assets include various mainstream cryptocurrencies - WBTC, WETH, UNI, FRAX, LINK, USDC, and USDT.
The blockchain security firm Slow Mist quickly released an analysis report, pointing out that the root of the problem lies in the design flaw of GMX V1: when users establish a short position, the system immediately updates the global short average price (globalShortAveragePrices), and this data directly affects the calculation of assets under management (AUM).
Hackers are exploiting this mechanism vulnerability. They trigger the reentrancy vulnerability of the executeDecreaseOrder function through contract calls, repeatedly creating short positions and artificially raising the global average short price.
Due to AUM relying on this price calculation, the system mistakenly included the inflated short losses in the total assets, resulting in a malicious increase in the GLP valuation. The attacker subsequently redeemed GLP and extracted assets far exceeding the actual entitled share.
Crisis Management, Team Response, and White Hat Negotiation Strategy
In the face of a crisis, the GMX team demonstrated a rapid and professional response capability. Within hours of the attack, they immediately implemented three key measures:
- Suspend risk exposure: on Arbitrum and Avalanche Disable the trading functions of GMX V1 and the minting and redemption of GLP across the board.
- Clarify the scope of impact: It is clearly stated that the vulnerability only affects the V1 version, while GMX V2 and the native Token itself are not affected.
- Initiate white hat negotiations: Offer a 10% ($5 million) white hat bounty to the Hacker through on-chain messages, promising that if the remaining 90% of the funds are returned within 48 hours, no legal action will be taken.
"You have successfully executed the exploit; the ability in this regard is evident to those looking at the vulnerability trades. The $5 million white hat bounty is still valid." The GMX team wrote this in an on-chain message.
At the same time, GMX also released a technical guide to help V1 fork projects mitigate similar risks and plans to discuss further compensation measures through the DAO.
Market Reaction: The Dramatic Plunge and Rebound of Token Prices
Security incidents had an immediate impact on GMX token prices. Within 4 hours of the attack news being confirmed, GMX token plummeted over 25%, dropping from $14.54 all the way down to a low of $10.40.
Market panic sentiment is spreading, and investors are selling off in droves. Decentralized exchange data shows that the total value locked (TVL) of GMX has decreased by 20% in a single day, dropping from 500 million dollars to 400 million dollars.
The turning point occurred on July 11. The Hacker briefly responded via on-chain messages: "Okay, the funds will be returned later." Subsequently, the hacker’s address began transferring funds to the GMX deployer’s address, first 5.49 million FRAX, followed by another 5 million FRAX, with a total value exceeding 10 million dollars.
The market reacted very positively. As soon as the news broke, the price of GMX Token rose sharply, increasing by more than 10% on the day, closing at 12.56 USD. According to data from HTX exchange, GMX reached a high of 13.59 USD, with a 24-hour increase of 18.9%.
Fund Return, Hacker’s Unexpected Gains and Token Recovery
The hacker’s fund return process is full of dramatic twists:
- First Refund: The attacker first transferred 5.49 million FRAX (worth about 5.49 million USD) to the GMX deployer’s address.
- Subsequent Transfer: Another transfer of 5 million. FRAX Transfer
- Asset conversion: The hacker exchanged most of the remaining stolen assets for ETH
- Accidental appreciation: Due to Ethereum price The value of the remaining assets held by hackers has increased by approximately 3 million dollars.
As of July 11, over 10.49 million FRAX have been returned to GMX. As the fund returns progress steadily, the price of GMX Token continues to recover, reaching a high of $13.59, rebounding over 30% from its lowest point.
Analysts point out that this V-shaped rebound not only reflects the restoration of confidence brought by the return of funds, but also demonstrates the market’s recognition of GMX’s long-term value.
Future Path: Security Upgrades and Token Value Prospects
As the crisis gradually subsides, the GMX team has begun to plan the future path. The official announcement states that the GLP minting and redemption functions on Arbitrum will be permanently disabled, and the remaining funds will be used to compensate affected users.
On the technical level, the GMX team is conducting a comprehensive review of contract vulnerabilities, particularly the protection mechanisms against reentrancy attacks. They have also provided specific security recommendations for the fork project of GMX V1 to prevent similar incidents from happening again.
Despite facing setbacks, GMX’s fundamentals remain strong. As a leading decentralized spot and perpetual contract exchange on Arbitrum and Avalanche, GMX has processed a total trading volume of $306 billion since its launch in 2021, with over 715,000 users.
Its unique GLP liquidity pool model and zero slippage trading experience keep it competitive in the DeFi space. As of July 14, 2025, the trading price of GMX Token remains around $13.5, with a total market cap of approximately $139 million and a circulating supply of 10.2 million coins.
In the long run, multiple analysis institutions remain optimistic about the development of GMX. TokenInsight points out that GMX has a first-mover advantage and technological innovation in the DeFi derivatives track. Some forecasts suggest that with the improvement of security measures and the restoration of user confidence, the GMX Token is expected to challenge higher price levels in 2025.
Conclusion
The hacker ultimately chose to convert most of the stolen funds into ETH, and the unexpected surge in Ethereum’s price increased the value of the remaining assets by about 3 million dollars. This ironic financial gain adds a layer of dark humor to the entire event.
The GMX team has announced the permanent closure of the GLP minting and redemption functions on Arbitrum, fundamentally eliminating the possibility of similar attacks occurring again. With the improvement of security measures and the rebuilding of user confidence, GMX’s position as a key infrastructure for DeFi derivatives trading remains solid.
This incident will become an important case in the history of DeFi development, demonstrating how a professional team can turn a potentially fatal disaster into an opportunity to showcase resilience through rapid response and rational negotiation.
