GMX Exploiter Starts Returning $40M in Stolen Crypto After Bounty Deal

The attacker who exploited the GMX v1 decentralized exchange (DEX) and stole $40 million in crypto began returning the stolen funds after sending an onchain message promising to return the crypto. 

In an onchain message flagged by blockchain security firm PeckShield, the hacker wrote that the funds will be returned. “Ok, funds will be returned later,” the exploiter wrote in an onchain message, accepting the bounty offered by the GMX team. 

Hacker begins returning stolen crypto

Almost an hour later, the hacker started returning the crypto stolen from the attack. At the time of writing, the address labeled GMX Exploiter 2 had returned about $9 million in Ether (ETH) to the Ethereum address specified by the GMX team in an onchain message. 

PeckShield flagged that the attacker returned about $5.5 million in FRAX tokens to the GMX team. After a while, the hacker returned another $5 million in FRAX tokens to the GMX address. 

At the time of writing, about $20 million in assets had been returned to GMX.

The exploit on Wednesday targeted a liquidity pool on GMX v1, the first iteration of the perpetual trading platform deployed on Arbitrum.

The attacker drained various crypto assets from the platform after exploiting a design flaw to manipulate the value of GLP tokens.

GMX offered a $5 million bounty to the attacker

In an X post, the GMX team recognized the abilities of the hacker and offered a bounty of $5 million for the return of the funds stolen during the attack.

The team promised that the amount would be categorized as a white hat bounty that the hacker could freely spend as soon as the funds were returned. 

“You’ve successfully executed the exploit; your abilities in doing so are evident to anyone looking into the exploit transactions,” GMX wrote. “The white hat bug bounty of $5 million continues to be available.”

The GMX team said that this would allow the hacker to remove the risks associated with spending stolen funds. The team even offered to provide proof of the source of funds should the hacker require it. 

In an onchain message, the GMX team also told the hacker they would pursue legal action in 48 hours if the funds were not returned.

In the message, the team said the hacker could take 10% of the stolen funds as a white hat bounty reward as long as 90% of the crypto was returned to the addresses they specified. 

Related: Brazil’s central bank service provider hacked, $140M stolen

Magazine: Coinbase hack shows the law probably won’t protect you — Here’s why