The international world of cryptocurrency has been set abuzz with a recent hacking event that saw a successful attacker exploit the DEX GMX v1 decentralized exchange. The hacker made off with a considerable sum of a whopping $40 million in cryptocurrency. Yet, in an unexpected twist, the cyber culprit pledged to return the stolen funds via an onchain message and has indeed embarked on the process of returning the stolen cryptocurrency.
Hacker’s Promise to Return Stolen Funds
The hacking event of GMX v1 garnered international attention, especially when the attacker promised to return the stolen funds. The hacker’s intentions became clear once PeckShield, a blockchain security firm, flagged an onchain message sent by the attacker. Through this message, the criminal pledged to refund all the stolen funds. Subsequently, they accepted the bounty offered by the victimized GMX team, stating that the funds will be returned eventually.
Commencement of Cryptocurrency Return
What stood as a mere promise soon turned into action when almost an hour after the onchain message, the hacker initiated the process of returning the stolen cryptocurrency to the victimized exchange. At the time this report was written, an address dubbed the “GMX Exploiter 2,” which the attacker reportedly used, posted returns of $9 million in Ether to a particular Ethereum address specified by the GMX team in the onchain message.
Continuation of Recovery
Further scrutiny of the onchain messages divulges that the attacker returned $5.5 million in FRAX tokens to the GMX team. Within a short span, another significant sum of $5 million in FRAX tokens was returned to the GMX address. These recent recoveries indicate that, as of now, GMX has successfully redeemed about $20 million in assets.
Exploring the GMX v1 Hack
The attack on GMX v1 was a well-orchestrated exploit which primarily focused on a liquidity pool within the trading platform. A design flaw was manipulated to affect GLP token value, paving the way for the attacker to drain a varied range of crypto assets. The hacker’s adept skills were therefore quite clear, something which the GMX team publicly acknowledged in a post on the X platform.
GMX’s Offer to the Hacker
The GMX team not only lauded the abilities of the attacker but also offered a bounty of $5 million in return for the stolen funds. They indicated their intention to categorize the returned funds as a ‘white hat bounty,’ which the attacker could freely use as they pleased once they returned the stolen assets.
In justifying their offer, the GMX representatives asserted, “You’ve successfully executed the exploit; your abilities in doing so are evident to anyone looking into the exploit transactions.” They stated that the $5 million bounty would continue to be available to the hacker.
The Hacker’s Response to GMX’s Offer
Interestingly, the GMX team’s offer extended to providing proof of the funds’ source, should the attacker demand it. In a final onchain message, the GMX team warned the hacker of legal action within 48 hours if the funds were not returned. They proposed a 10% white hat bounty as a reward if the attacker returned 90% of the cryptocurrency to the addresses specified by the GMX team. It seems their approach has turned the tide given the recent crypto recoveries.
Global Impact
While this case has made ripples in the cryptocurrency sector, it is far from the only hacking event of its kind. Other recent occurrences include Brazil’s central bank service provider witnessing a $140M theft, and the Coinbase hack revealing that legal protection in such cases might not be as assured as we think.
