An exploiter used re-entrancy bugs in GMX's codebase to steal ~$42M, then returned >90% (~$40.5M) after a 10% whitehat bounty offer.
In July 2025, an exploiter used re-entrancy bugs in a version of GMX's codebase to steal approximately $42M in stablecoins and wrapped BTC/ETH. GMX offered a 10% whitehat bounty, after which the exploiter returned more than 90% of the funds (~$40.5M).
No laundering activity observed. Exploiter voluntarily returned >90% of funds after whitehat bounty offer.
N/A