I told you. Ethereum L2-based exchange @GMX_IO exploited using a reentrancy attack.
On July 9, 2025, the decentralized perpetual futures exchange GMX suffered a significant exploit on its V1 protocol on @Arbitrum, resulting in approximately $42 million in crypto assets being drained from its GLP liquidity pool. The hacker exploited a vulnerability, likely a re-entrancy attack, to mint abnormal amounts of GLP tokens and redeem them for assets like USDC, ETH, DAI, FRAX, wrapped Bitcoin (wBTC), and others. Around $9.6 million of the stolen funds were bridged from Arbitrum to Ethereum, with the remaining $32 million still on Arbitrum.
GMX responded by halting trading on GMX V1 and disabling GLP minting and redeeming on both Arbitrum and Avalanche to prevent further attacks. The team confirmed the exploit was isolated to GMX V1, leaving V2, other markets, and the GMX token unaffected. They offered the hacker a 10% white-hat bounty (about $4.2 million) to return the remaining funds within 48 hours, promising no legal action if the hacker complied.
The GMX token price crashed, dropping 15-28% to as low as $11.20-$12.51. Blockchain security firms like PeckShield and SlowMist attributed the exploit to a design flaw in GLP token price manipulation. The incident, part of $2.5 billion in crypto hacks in 2025, has raised concerns about DeFi security, despite GMX’s audited contracts. The team is investigating with security partners, and no official statement on the exact exploit vector has been released.
As I’ve been saying to an onslaught of hate, Ethereum L2 is the biggest risk to crypto.