Hacker Returns Stolen Crypto After GMX Exploit
The hacker who compromised the GMX v1 decentralized exchange (DEX) and made off with $40 million in cryptocurrency has unexpectedly begun giving back the funds. This comes after they sent a message on the blockchain, assuring that the stolen crypto would be returned.
Promises of Returning the Loot
Blockchain security experts at PeckShield highlighted an onchain message from the attacker, where they pledged to return the funds. The message read, “Ok, funds will be returned later,” indicating that the hacker was accepting the GMX team’s bounty offer.
Crypto Starts Flowing Back
Within an hour of the promise, the hacker began returning the stolen assets. As of the most recent update, the account tagged as GMX Exploiter 2 has returned roughly $9 million in Ether (ETH) to the Ethereum wallet designated by the GMX team.
In addition, PeckShield reported that the hacker sent back around $5.5 million in FRAX tokens, followed by another batch of $5 million in FRAX tokens to the GMX address. At this point, GMX has received about $20 million in returned assets.
The breach occurred when the hacker exploited a vulnerability within the liquidity pool of GMX v1, the initial version of the perpetual trading platform on Arbitrum. The attacker managed to siphon off various cryptocurrencies by manipulating the valuation of GLP tokens.
GMX’s $5 Million Bounty Offer
In a post on X (formerly Twitter), GMX acknowledged the hacker’s skill and extended a $5 million bounty for the return of the stolen assets. This amount was classified as a white hat bounty, allowing the hacker to spend it freely once the funds were returned.
“You’ve successfully executed the exploit; your abilities in doing so are evident to anyone looking into the exploit transactions,” the GMX team noted. They emphasized that the $5 million bounty stays on the table.
Legal Threats and Bounty Policy
The GMX team stated that returning the funds would eliminate the legal risks related to spending stolen money. They even offered to confirm the source of the funds if the hacker needed it.
However, GMX also warned of potential legal repercussions. They issued an onchain message threatening to take legal action within 48 hours if the stolen crypto wasn’t returned. The team proposed that the hacker could keep 10% of the stolen funds as a reward, provided 90% was returned to the addresses they specified.