GMX initiated contact with the hacker, acknowledging their skill in executing the exploit and emphasizing the advantages of accepting the bounty over the risks associated with retaining the stolen funds. The company also assured users that their losses would be covered through its bug bounty treasury. Subsequently, the hacker confirmed on the blockchain their intent to return the funds, and GMX later verified the successful exchange of the bounty for the stolen cryptocurrency.
The hacker proceeded to transfer the funds, amounting to approximately $40.5 million, in increments of $5 million back to GMX accounts. The returned assets consisted of 10,000 ETH, valued at about $30 million, and $10.5 million in FRAX coin. GMX has since released a detailed post-mortem report, explaining the vulnerability that led to the theft and confirming that the bug has been rectified in recent platform updates.
GMX, launched in 2021, is a platform that enables users to trade and speculate on various cryptocurrencies, boasting 714,000 users and a total trading volume of $305 billion.
Despite the bounty agreement, the hacker could still face legal repercussions if identified. This is evidenced by the case of Avraham Eisenberg, who, despite negotiating the return of $67 million after a $110 million theft from Mango Markets, was still prosecuted and convicted on federal charges.
Eisenberg’s case, which involved charges of commodities fraud, market manipulation, and wire fraud, serves as a precedent, even though a judge is currently considering a retrial for the Mango Markets-related charges. Separately, Eisenberg was sentenced in May to 52 months in prison for possession of child sexual abuse material.
Reference: