One of the most popular decentralized exchanges, GMX, was the target of a major cyber attack on July 9, 2025. The exploit resulted in the extraction of more than $42 million of the protocol’s funds, and GMX’s reaction came swiftly: a “white-hat bounty” offer of 10% of the amount in exchange for returning the money in full and avoiding legal action.
How did the attack happen?
According to DLNews, the attacker exploited GMX’s old GLP v1 contracts on the Arbitrum network, manipulating withdrawals through a custom smart contract. The transactions were triggered at around 13:34 (UTC), after the address used had previously been funded through Tornado Cash, suggesting a clear intent to mask the trail.
According to data published by CryptoNews, the amount stolen included over 6,260 ETH, along with stable tokens such as USDC, DAI, FRAX and wBTC.
Action taken by GMX
Once the incident was detected, the GMX team promptly blocked the GLP swapping and minting functionality on the Arbitrum and Avalanche networks. At the same time, an on-chain message was sent to the attacker’s address offering him 10% of the stolen amount (approximately USD 4.2 million) as a white-hat reward if he returned the remaining funds within 48 hours.
Coindesk confirms that the second version of the protocol (GLP v2) was not affected by the attack, and the team is investigating alongside security partners such as Cyvers and PeckShield.
Market impact
The exploit had visible consequences in the market: the GMX token saw a steep drop of almost 28%, temporarily reaching $11.20, according to DLNews. The DeFi community reacted swiftly, bringing up old vulnerabilities in v1 contracts, the lack of retirement of outdated code, and systemic exposure to sophisticated attacks, including bridge manipulation.
This incident comes in a broader context where attacks on DeFi infrastructure continue to intensify. According to the Hack3d report by CertiK, hackers have already stolen more than $2.47 billion in digital assets in the first half of 2025 alone – more than the total of $2.42 billion recorded in all of 2024.
Non-custodial solutions: control of funds remains with the user
Incidents like GMX underline a key reality: fund control is essential, not optional. For those who want security and autonomy in managing their digital assets, there are alternatives that don’t involve traditional centralized platforms or the complexity of DeFi protocols.
One of these options is ABARAI, a non-custodial exchange that allows you to swap directly from your wallet, without giving your funds to the platform.
Through the swap page, you can make swaps quickly and securely while retaining complete control of your keys: no account, no deposits and no identity.