The attacker who exploited the GMX v1 decentralized exchange (DEX) and stole $40 million in crypto began returning the stolen funds after sending an onchain message promising to return the crypto.
In an onchain message flagged by blockchain security firm PeckShield, the hacker wrote that the funds will be returned. “Ok, funds will be returned later,” the exploiter wrote in an onchain message, accepting the bounty offered by the GMX team.
Almost an hour later, the hacker started returning the crypto stolen from the attack. At the time of writing, the address labeled GMX Exploiter 2 had returned about $9 million in Ether (ETH) to the Ethereum address specified by the GMX team in an onchain message.
PeckShield flagged that the attacker returned about $5.5 million in FRAX tokens to the GMX team. After a while, the hacker returned another $5 million in FRAX tokens to the GMX address.
At the time of writing, about $20 million in assets had been returned to GMX.
The exploit on Wednesday targeted a liquidity pool on GMX v1, the first iteration of the perpetual trading platform deployed on Arbitrum.
The attacker drained various crypto assets from the platform after exploiting a design flaw to manipulate the value of GLP tokens.
In an X post, the GMX team recognized the abilities of the hacker and offered a bounty of $5 million for the return of the funds stolen during the attack.
The team promised that the amount would be categorized as a white hat bounty that the hacker could freely spend as soon as the funds were returned.
“You’ve successfully executed the exploit; your abilities in doing so are evident to anyone looking into the exploit transactions,” GMX wrote. “The white hat bug bounty of $5 million continues to be available.”
The GMX team said that this would allow the hacker to remove the risks associated with spending stolen funds. The team even offered to provide proof of the source of funds should the hacker require it.
In an onchain message, the GMX team also told the hacker they would pursue legal action in 48 hours if the funds were not returned.
In the message, the team said the hacker could take 10% of the stolen funds as a white hat bounty reward as long as 90% of the crypto was returned to the addresses they specified.
Related: Brazil’s central bank service provider hacked, $140M stolen
Magazine: Coinbase hack shows the law probably won’t protect you — Here’s why
By Kristin Marting. On 6 April 2026, TORCHES continues with a conversation with the incomparable…
The Rangers’ kids are coming alive, snapping the Rangers’ six game losing streak in a…
OKX’s X Layer is the 21st blockchain to integrate Aave, which recently surpassed the $1…
Half Man premieres 23 April on HBO and HBO Max in the US and 24…
Marginal Garfield generates an original Garfield cartoon every day based on posts from Marginal Revolution!…
You can find a classroom-ready copy of our Anticipation Guide prompts here. The Great Gatsby…