Decentralized exchange GMX confirmed a significant security breach on Wednesday morning, stating that over $40 million in cryptocurrency was stolen from its platform. The company, which allows users to speculate on various cryptocurrencies, is currently investigating how the exploit occurred, despite having undergone numerous audits from top security specialists in the past. Following the incident, trading on GMX was disabled as blockchain security firms verified the theft and tracked approximately $43 million in user funds exiting the platform.
The stolen funds were quickly laundered by the hacker, who converted batches of the cryptocurrency into Ethereum and the U.S.-dollar pegged stablecoins USDC and DAI.
This rapid laundering drew criticism from some online observers who argued that cryptocurrency companies, particularly those controlling stablecoins like Circle, should be quicker to blacklist addresses involved in criminal thefts. GMX, launched in 2021, boasts 714,000 users and a total trading volume of $305 billion, highlighting the scale of this security incident.
In an effort to recover the stolen assets, GMX sent a message to the hacker on the Ethereum blockchain, offering a 10% bounty for the return of 90% of the funds within 48 hours. The company also stated it would not pursue litigation if the funds were returned, a tactic that has been employed by other cryptocurrency firms to entice hackers.
However, federal prosecutors have historically shown willingness to charge crypto hackers regardless of victim cooperation, making such legal claims dubious.
Following the exploit, GMX and security experts shared technical advice with other connected platforms, aiming to help them protect themselves from similar vulnerabilities. This incident is not isolated within the decentralized finance (DeFi) space; just two weeks prior, the Resupply platform was hacked, resulting in a $10 million cryptocurrency theft. These events underscore a growing trend of cyberattacks targeting digital asset operations.
According to blockchain security company TRM Labs, the first half of 2025 alone saw $2.1 billion stolen from crypto exchanges and other digital asset operations across at least 75 confirmed cyberattacks. This represents a 10% increase compared to the previous record set in 2022. Even excluding a massive $1.5 billion theft by North Korea from the Bybit exchange, the company reported over $100 million in losses in four out of the six months within that period, indicating a persistent and escalating threat landscape for the cryptocurrency industry.
Reference:
