The crypto world reeled as news broke that the GMX hacker who stole $40 million has begun returning the funds. The dramatic reversal followed a $5 million white hat bounty offer from the GMX team.
Tension soared after the exploit, with users fearing permanent losses. But an unexpected on-chain message from the hacker promised to return the stolen assets, igniting hope across the DeFi community.
Why did the GMX hacker decide to return the stolen crypto?
The hacker exploited a flaw in GMX’s V1 platform on Arbitrum, draining a mix of stablecoins, wrapped Bitcoin, and Ethereum. Within hours, the GMX team reached out via on-chain message, offering a 10% bounty if 90% of the funds were returned within 48 hours.
After initially converting much of the loot to Ether, the attacker saw the value of their holdings rise as ETH prices surged by 14%. Yet, the risk of legal action and the public bounty offer created mounting pressure. At 7:29 am London time, the exploiter sent a brief on-chain message: “Ok, funds will be returned later.”
Did you know?
The GMX hack is one of the largest DeFi exploits to see a majority of stolen funds returned, with the attacker keeping only about 10% as a bounty, an approach rarely seen in previous major crypto thefts.
Could this white hat bounty change how DeFi hacks are handled?
Almost immediately, the hacker began returning funds. The first transactions included $10.4 million in stablecoins, followed by 10,000 Ether and other assets, totaling over $40 million by Friday morning.
The GMX team’s strategy was clear: reward cooperation, but threaten consequences. They publicly recognized the hacker’s technical skills, offering the $5 million white hat bounty as a way to avoid criminal liability and enjoy a legitimate payout.
The GMX team offered a $5 million bounty to the attacker
The bounty was not just a reward but a calculated move to deter further laundering and incentivize the return of assets. The team promised to provide proof of origin for the bounty, helping the hacker avoid the risks of spending tainted funds.
Simultaneously, GMX issued a warning, threatening legal action if the assets were not returned within 48 hours. This combination of incentives and consequences appears to have swayed the attacker, who began returning funds in significant amounts.
GMX’s V1 platform exploit exposes DeFi vulnerabilities
The exploit targeted a liquidity pool backing the GLP token, exposing a design flaw that allowed manipulation of token value. The breach forced GMX to halt trading and suspend minting and redeeming GLP on both the Arbitrum and Avalanche networks.
While the V2 platform and GMX’s native token remained unaffected, the hack highlighted the ongoing risks facing decentralized finance. Blockchain experts estimate that losses from similar attacks have exceeded $2 billion in the first half of 2025 alone.
What’s next for GMX and DeFi security?
As of Friday, the hacker had returned most of the stolen funds, retaining only about $5 million, roughly 10%, as the agreed bounty. The GMX team is now focused on a full postmortem review and strengthening platform security.
This high-profile case could set a new precedent for handling DeFi hacks, blending negotiation, incentives, and legal threats. The crypto industry will be watching closely as GMX works to restore trust and enhance its defenses.