GMX

The decentralized exchange GMX lost $42 million in cryptocurrency after a hacker exploited a bug in its platform. After negotiations, the hacker returned the stolen funds in exchange for a $5 million bounty. GMX assured users that their funds would be restored using bug bounty reserves. The vulnerability was later fixed, and the platform provided a detailed post-mortem. Despite the resolution, the hacker could still face legal consequences if identified, as seen in a similar case involving Mango Markets.

Source: https://therecord.media/hacker-returns-stolen-gmx-bounty

TPRM report: https://www.rankiteo.com/company/gmx-capital

"id": "gmx911080725",
"linkid": "gmx-capital",
"type": "Vulnerability",
"date": "7/2025",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'industry': 'Cryptocurrency',
                        'name': 'GMX',
                        'size': '714,000 users',
                        'type': 'Decentralized Exchange'}],
 'attack_vector': 'Exploit of a vulnerability in the platform',
 'date_detected': '2023-09-06',
 'date_publicly_disclosed': '2023-09-06',
 'date_resolved': '2023-09-08',
 'description': 'A hacker stole $42 million from the decentralized exchange '
                'GMX and returned the funds in exchange for a $5 million '
                'bounty.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage',
            'financial_loss': '$42 million initially stolen',
            'legal_liabilities': 'Possible legal liability for the hacker if '
                                 'identified'},
 'investigation_status': 'Resolved',
 'motivation': 'Financial gain',
 'post_incident_analysis': {'corrective_actions': 'Bug resolved in recent '
                                                  'updates to the platform',
                            'root_causes': 'Bug in the GMX platform'},
 'references': [{'source': 'Blockchain security companies'}],
 'regulatory_compliance': {'legal_actions': 'Possible legal action against the '
                                            'hacker'},
 'response': {'communication_strategy': 'Public statements and blockchain '
                                        'messages',
              'incident_response_plan_activated': True,
              'recovery_measures': 'Funds returned by the hacker',
              'remediation_measures': 'Bug resolved in recent updates to the '
                                      'platform'},
 'threat_actor': 'Unidentified hacker',
 'title': 'GMX Decentralized Exchange Cryptocurrency Theft',
 'type': 'Cryptocurrency Theft',
 'vulnerability_exploited': 'Bug in the GMX platform'}