GMX Loses $40 Million in V1 Exploit, Halts Trading and Minting

A $40 million exploit on GMX’s V1 platform forced a trading halt after a flaw in its liquidity pool was used to mint tokens without backing.

(Photo of Markus Spiske on Unsplash)

Posted July 10, 2025 at 10:35 am EST.

Decentralized perpetual exchange GMX halted trading and token minting on its GMX V1 platform after suffering a major exploit that resulted in the theft of approximately $40 million from its GLP liquidity pool.

The attack targeted the GLP pool on Arbitrum and Avalanche, draining a mix of digital assets including bitcoin, ether, stablecoins, and other tokens into an unknown wallet.

This story is an excerpt from the Unchained Daily newsletter.

Subscribe here to get these updates in your email for free

Blockchain security firm SlowMist attributed the attack to a design flaw in the GLP pricing mechanism, specifically a re-entrancy vulnerability that allowed the attacker to manipulate the calculation of assets under management and repeatedly mint GLP tokens without proper collateral.

GMX said it is investigating the exploit and has offered a 10% white hat bounty to the attacker for the return of the stolen funds.

The exchange’s native token GMX dropped 20% after news of the exploit to an intraday low of $10.33.