The decentralized cryptocurrency exchange GMX has suffered a large-scale hacker attack, resulting in the theft of approximately $40 million. The incident occurred on the first version of the GMX platform, GMX V1, which operates on the Arbitrum blockchain, and directly impacted the GLP liquidity pool.
This is reported by Business • Media
Causes of the Attack and Actions Taken by the GMX Team
The vulnerability was found specifically in the GMX V1 liquidity pool on Arbitrum. Following the attack, the GMX team promptly suspended trading and the issuance of GLP tokens on the Arbitrum and Avalanche networks to prevent further losses. Users were advised to disable leverage and adjust their settings to minimize risks.
Experts note that the affected GLP pool combines various assets, including Bitcoin, Ethereum, and stablecoins, serving as the main liquidity provider for the platform.
“Using a re-entry attack, the hackers successfully opened large short positions to manipulate global average prices, artificially inflating GLP prices within a single transaction and profiting from redemption operations,” the analysts’ report states.
Vulnerability, Consequences, and Market Reaction
According to the developers, the newer version of the protocol — GMX V2, along with its token, liquidity pools, and markets, were not damaged as a result of this attack. The company SlowMist explains that the incident was caused by an error in the asset management calculation mechanism, which allowed hackers to manipulate the GLP price through short position operations and influence global average prices.
This incident is just one of a series of large-scale attacks on crypto projects in 2025. Since the beginning of the year, the total losses in the industry from hacker breaches have exceeded $2.1 billion. Among the largest cases are the hack of the Bybit exchange with losses of $1.46 billion, as well as the attack on the Iranian exchange Nobitex, which lost $81 million.
GMX emphasizes that an investigation is ongoing and active work is being done to mitigate the consequences of the attack. Experts stress the need to enhance the security of DeFi platforms, particularly in the design of liquidity pools and pricing mechanisms, to prevent similar incidents in the future.