I told you. Ethereum L2 based exchange @GMX_IO exploited using reentrancy attack. On July 9, 2025, the decentralized perpetual futures exchange GMX suffered a significant exploit on its V1 protocol on @Arbitrum, resulting in approximately $42 million in crypto assets being drained from its GLP liquidity pool. The hacker exploited a vulnerability, likely a re-entrancy attack, to mint abnormal amounts of GLP tokens and redeem them for assets like USDC, ETH, DAI, FRAX, wrapped Bitcoin (wBTC), and others. Around $9.6 million of the stolen funds were bridged from Arbitrum to Ethereum, with the remaining $32 million still on Arbitrum. GMX responded by halting trading on GMX V1 and disabling GLP minting and redeeming on both Arbitrum and Avalanche to prevent further attacks. The team confirmed the exploit was isolated to GMX V1, leaving V2, other markets, and the GMX token unaffected. They offered the hacker a 10% white-hat bounty (about $4.2 million) to return the remaining funds within 48 hours, promising no legal action if complied. The GMX token price crashed, dropping 15-28% to as low as $11.20-$12.51. Blockchain security firms like PeckShield and SlowMist attributed the exploit to a design flaw in GLP token price manipulation. The incident, part of $2.5 billion in crypto hacks in 2025, has raised concerns about DeFi security, despite GMX’s audited contracts. The team is investigating with security partners, and no official statement on the exact exploit vector has been released. As I’ve been saying to an onslaught of hate, Ethereum L2 is the biggest risk to crypto.