GMX Suspends Trading and Token Minting After $40M Hack

GMX confirmed that a design flaw in its V1 GLP pool on the Arbitrum network allowed hackers to manipulate pool pricing and withdraw nearly $40 million, prompting an immediate halt to trading, GLP minting and redemption. The decentralized exchange disclosed on July 9, 2025, that the exploited GLP pool comprised a diversified basket of BTC, ETH and stablecoins that back GMX’s perpetual trading markets.

Attack Method and Protocol Response

SlowMist, a blockchain security firm, attributed the breach to a protocol design flaw enabling attackers to miscalculate the pool’s total assets under management and mint excess GLP tokens before redeeming underlying assets. GMX emphasized that its V2 platform, token contract and other liquidity pools remain unaffected.

“The exploit does not affect GMX V2, its markets, or liquidity pools, nor the GMX token itself. Based on the available information, the vulnerability is limited to GMX V1 and its GLP pool,” the protocol stated in its official announcement on X.

Following the exploit, GMX disabled leverage functions, instructed users to turn off GLP minting in their settings, and bridged approximately $9.6 million of the stolen funds from Arbitrum to Ethereum for forensic tracking.

Market Impact and Recovery Efforts

GMX’s native token price fell by double digits after the exploit disclosure. The protocol offered a 10% “white hat” bounty for the return of stolen funds within 48 hours to incentivize ethical reporting.

On-chain analytics from DeBank reported that over $42 million was drained, suggesting some discrepancy in exact totals but confirming a multimillion-dollar loss. The incident isolated damage to the V1 platform while preserving V2 operations.

Since its launch in 2021, GMX has enabled decentralized perpetual futures trading with fee rebates paid in GLP. The exploit highlights ongoing security challenges within DeFi protocols managing complex liquidity mechanisms.