- The GMX hacker has returned stolen funds and taken $5 million as a bounty
- They exploited a vulnerability in GMX’s code and siphoned $40 million
- The attacker sent the $5 million bounty to coin-mixing platform Tornado Cash
The GMX hacker has returned the $40 million he had siphoned from the decentralized exchange on July 9 and taken $5 million as a bounty. GMX acknowledged that the stolen funds “are now safely in [its] security multisig” and added that it’s working on a distribution plan for presentation to the GMX DAO. GMX had reached out to the attacker through an on-chain message and offered a white-hat bug bounty, noting that returning the loot will help him “spend the funds freely.”
GMX Treasury To Pay the Hacker
The DEX stated that the $5 million bounty will be covered by the platform’s treasury funds allocated for bug bounties, thereby compensating all affected users. GMX told the attacker that it would be difficult to utilize the funds if he chose to keep the entire loot, noting that he’ll need to take “additional risks to access them.”
Posting this message in hopes of connecting with the individual responsible for the GMX V1 exploit.
You’ve successfully executed the exploit; your abilities in doing so are evident to anyone looking into the exploit transactions.
The white-hat bug bounty of $5 million continues…
— GMX 🫐 (@GMX_IO) July 10, 2025
In a post-mortem report, GMX disclosed that the exploit was a re-entrancy attack that allowed the attacker to manipulate the price of the exchange token, GLP. He then converted the tokens to BTC and ETH.
As a precaution, the exchange halted operations on Arbitrum and the minting of GLP tokens on Avalanche. GMX also said that it’ll initiate a governance discussion on GMX DAO to evaluate “potential reimbursement measures.”
More Hackers Opt for a Bounty
The GMX hacker’s decision to return the funds adds to a growing list of threat actors opting for a bounty instead of keeping the entire loot. Hackers opt to return the funds to avoid being on the run from law enforcement agencies and having to initiate complicated processes to launder the funds.
The GMX hacker isn’t the first to return stolen funds for a bounty. This year, ZKsync, 1inch, and Loopscale attackers are among those who returned the loot for a white hat bounty. Others, like the Cork hacker, opted to donate part of the loot to the Roman Storm defense.
Although the GMX hacker returned the funds, it remains to be seen whether the incident will affect GMX usage.