GMX exploiter returns stolen crypto after $42m hack

Markets 2026-01-14 10:12

GMX exploiter returns stolen crypto after m hack

  • The GMX exploiter has returned most of the funds they stole from the protocol.

  • The GMX team offered the exploiter a 10% white hat bounty.

The exploiter who swiped $42 million from GMX returned almost all the stolen funds on Friday morning after receiving a bounty offer from members of the decentralised perpetual futures exchange’s team

On Wednesday, the exploiter used bugs in a version of GMX’s codebase to steal the funds, including stablecoins and wrapped versions of Bitcoin and Ethereum, among others.

At 7:29 am London time, the exploiter sent a short onchain message directed to the GMX team. “Ok, funds will be returned later,” the message said.

The exploiter began returning the funds at 9:08 am, sending $10.4 million worth of stablecoins over two transactions, onchain records show. Over the hours that followed, they returned a further 10,000 Ether and other assets totalling $40.5 million.

“Thank you ser, we love GMX,” an Arbitrum address belonging to an unknown observer said in an onchain message sent to the exploiter.

The return of funds comes after the GMX team engaged the exploiter via an onchain message shortly after the hack, offering a 10% white hat bounty for the return of the stolen funds within 48 hours.

It’s not clear if the exploiter decided to accept the 10% bounty, as they returned more than 90% of the stolen funds.

When the exploiter stole the funds, they converted most of them into Ether. Since then, the price of Ether increased by around 14%.

The exploiter still holds 1,700 Ether worth $5.1 million.

Re-entrancy attack

GMX published a post-mortem of the attack on Thursday.

It identified that the root cause of the exploit was a re-entrancy attack, a type of vulnerability that allows an attacker to interact with a smart contract more times than should be possible, allowing them to repeat certain actions, like withdrawals, and drain funds.

Re-entrancy attacks are one of the most commonly exploited vulnerabilities in DeFi, despite them being identified as a problem as far back as 2016.

Other protocols that used GMX’s code, called forks, could still be at risk.

“We urge all GMX V1 forks to take the necessary steps to prevent this exploit, if these haven’t already been taken,” GMX said.

Uncommon

Exploiters returning funds after hacking decentralised finance protocols is uncommon, but not unheard of.

One of the most high-profile cases of an exploiter returning funds happened after the Euler Finance hack in 2023. The exploiter eventually returned the $176 million worth of stolen crypto two weeks after stealing it.

However, many more exploits don’t have such happy endings.

In February, a hacker stole an eye-watering $1.4 billion from crypto exchange Bybit in a complex attack that involved compromising the exchange’s wallet provider, Safe.

Share to:

This content is for informational purposes only and does not constitute investment advice.

Bounce Banana Arweave Mubarak Audiera
Recommended Reading
2026-01-14 10:12
GMX exploiter returns stolen crypto after $42m hack
2026-01-14 10:10
From Bybit to GMX: The 10 biggest crypto hacks of 2025
2026-01-14 10:07
GMX Hackers Return 90% of the Stolen Money, Prompting Token Rally
2026-01-14 09:38
BlockDAG's $0.003 Presale Vanishes January 26: Grab 1,566% Gains Before Pi and Ondo Momentum Fades
2026-01-14 09:38
As Ethena and Ondo Slide, Zero Knowledge Proof (ZKP) Viral Presale Signals a Potential 3000x Breakout
2026-01-14 09:38
Ukraine Blocks Polymarket as War-Related Betting Crosses a Red Line

Popular Articles

Curated Series

SuperEx Popular Science Articles Column

SuperEx Popular Science Articles Column

This collection features informative articles about SuperEx, aiming to simplify complex cryptocurrency concepts for a wider audience. It covers the basics of trading, blockchain technology, and the features of the SuperEx platform. Through easy-to-understand content, it helps users navigate the world of digital assets with confidence and clarity.
Unstaked related news and market dynamics research

Unstaked related news and market dynamics research

Unstaked (UNSD) is a blockchain platform integrating AI agents for automated community engagement and social media interactions. Its native token supports governance, staking, and ecosystem features. This special feature explores Unstaked’s market updates, token dynamics, and platform development.
XRP News and Research

XRP News and Research

This series focuses on XRP, covering the latest news, market dynamics, and in-depth research. Featured analysis includes price trends, regulatory developments, and ecosystem growth, providing a clear overview of XRP's position and potential in the cryptocurrency market.
How do beginners trade options?How does option trading work?

How do beginners trade options?How does option trading work?

This special feature introduces the fundamentals of options trading for beginners, explaining how options work, their main types, and the mechanics behind trading them. It also explores key strategies, potential risks, and practical tips, helping readers build a clear foundation to approach the options market with confidence.

What are the risks of investing in cryptocurrency?

What are the risks of investing in cryptocurrency?

This special feature covers the risks of investing in cryptocurrency, explaining common challenges such as market volatility, security vulnerabilities, regulatory uncertainties, and potential scams. It also provides analysis of risk management strategies and mitigation techniques, helping readers gain a clear understanding of how to navigate the crypto market safely.