- GMX lost approximately $42 million due to a design flaw.
- SlowMist identified the vulnerability in GMX v1.
- Trading paused, a bounty offered for fund return.
GMX v1 on Arbitrum suffered a $42 million exploit on July 10, 2025, due to a design flaw, identified by security firm SlowMist, prompting immediate protocol suspensions.
The exploit exposes potential vulnerabilities and underscores the challenges in ensuring DeFi security, swiftly impacting market confidence.
The security breach at GMX revealed vulnerabilities in their v1 design. Users suffered significant losses when hackers exploited this flaw to manipulate GLP token prices, draining funds from the liquidity pool.
Key players include SlowMist, who identified the vulnerability, and the GMX Core Team, who took prompt action by suspending trading activities and offering a 10% bounty for the return of stolen assets.
Financial markets saw immediate repercussions. The value of GMX’s governance token fell sharply. The exploit resulted in a loss of public trust, underlining the need for robust security measures in DeFi platforms.
“The vulnerability arises from the immediate update of the global average price when handling short positions. This price directly affects the calculation of the total asset under management (AUM), leading to potential manipulation of the GLP token price.” – @im23pds, CISO, SlowMist
The loss affected major stablecoins like USDC and pressured DeFi protocols to tighten security defenses. It highlighted vulnerabilities in decentralized mechanics, impacting their usability and trustworthiness among users.
Historically, design flaws and reentrancy vulnerabilities have plagued the DeFi sector. This incident accentuates the importance of continual security audits and improvements, aiming for safer crypto ecosystems. The event forecasts heightened scrutiny and innovation in crypto security.