GMX has disclosed a critical vulnerability in its V1 decentralized trading platform that resulted in a $40 million exploit on July 9. The breach involved a sophisticated re-entrancy attack targeting the platform’s GLP token minting mechanism.
The attacker successfully manipulated a flaw in the GLP token’s short average price calculation system. This exploitation technique drained substantial underlying liquidity from the platform before GMX’s security team contained the incident.
In response, GMX immediately disabled all operations on its V1 platform and publicly extended a white-hat bounty offer. The protocol pledged 10% of the stolen assets ($4 million) for the attacker’s cooperation in returning the remaining funds while pursuing comprehensive security enhancements.
The incident underscores persistent vulnerabilities within decentralized finance infrastructures, particularly concerning complex tokenomics and liquidity systems. Industry analysts note parallels to the 2016 DAO hack, emphasizing the recurring challenge of eliminating smart contract exploits despite years of DeFi maturation.