Key Takeaways:
- GMX V1 was exploited for $40 million due to a design flaw in asset calculation, leading to halted trading and GLP minting.
- The vulnerability is isolated to GMX V1 on Arbitrum and Avalanche, with GMX V2 and the GMX token unaffected.
- GMX advised immediate security steps to V1 fork operators to prevent further exploitation.
Decentralized derivatives platform GMX has suspended trading and GLP token minting on its V1 protocol following a $40 million exploit.
The breach targeted liquidity pools on the Arbitrum network containing assets like Bitcoin, Ether, and various stablecoins.
URGENT: for all GMX V1 forks, GMX V1 has been exploited.
The issue could potentially be mitigated by doing the below:
1. Disable leverage: this can be done by setting Vault.setIsLeverageEnabled(false) or, if Vault Timelock is used, by setting… https://t.co/BbcUSaXyq9
— GMX 🫐 (@GMX_IO) July 9, 2025
The stolen funds were transferred to an unknown wallet, prompting immediate action from the platform.
In response, GMX halted GLP minting and redemption on both Arbitrum and Avalanche networks to prevent further losses.
The team issued urgent instructions to all V1 fork operators, advising them to disable leverage using either Vault.setIsLeverageEnabled(false) or Timelock.setShouldToggleIsLeverageEnabled(false), and to set maxUsdgAmounts to “1”.
They emphasized that setting it to “0” would allow unlimited minting, worsening the situation.
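To make the "1, not 0" point concrete, here is an added example (not GMX's code) that checks a fork's vault settings against the advised state. The snapshot layout, token balances and function names are hypothetical, and the cap model assumes only what the advisory states: a maxUsdgAmounts value of 0 means no cap.

```python
# Added example: audits a GMX V1 fork's vault settings against the advised
# mitigation. Snapshot layout and function names are hypothetical; the rule
# "0 means no cap" is taken from the article, the cap model is an assumption.

UNCAPPED = 0  # a maxUsdgAmounts value of 0 disables the cap entirely


def mint_headroom(usdg_amount, max_usdg_amount):
    """Units that can still be minted against a token; None means unlimited."""
    if max_usdg_amount == UNCAPPED:
        return None
    return max(0, max_usdg_amount - usdg_amount)


def audit(snapshot):
    """Return findings for every setting that deviates from the advice."""
    findings = []
    if snapshot["isLeverageEnabled"]:
        findings.append("leverage is still enabled")
    for token, cfg in sorted(snapshot["tokens"].items()):
        room = mint_headroom(cfg["usdgAmount"], cfg["maxUsdgAmount"])
        if room is None:
            findings.append(f"{token}: maxUsdgAmounts is 0, minting is unlimited")
        elif cfg["maxUsdgAmount"] != 1:
            findings.append(f"{token}: maxUsdgAmounts is {cfg['maxUsdgAmount']}, "
                            f"{room} units still mintable")
    return findings


# Constructed sample state, not on-chain data.
BEFORE = {
    "isLeverageEnabled": True,
    "tokens": {
        "WBTC": {"usdgAmount": 5_000_000, "maxUsdgAmount": 0},
        "WETH": {"usdgAmount": 8_000_000, "maxUsdgAmount": 1},
        "USDC": {"usdgAmount": 3_000_000, "maxUsdgAmount": 9_000_000},
    },
}
AFTER = {
    "isLeverageEnabled": False,
    "tokens": {name: {**cfg, "maxUsdgAmount": 1}
               for name, cfg in BEFORE["tokens"].items()},
}

if __name__ == "__main__":
    for label, snap in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(snap) or "matches the advised settings")
```

With a cap of 1 and any existing balance, the headroom is zero, which is why 1 acts as an effective freeze while 0 removes the limit altogether.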
🚨Update:
A @GMX_IO developer appears to have acknowledged a vulnerability in GMX V1 via on-chain message to the exploiter, offering a 10% whitehat bounty in exchange for returning the stolen funds.
🔗 Msg Tx: https://t.co/VCMjzn9uYB
— SlowMist (@SlowMist_Team) July 9, 2025
GMX clarified that the exploit is limited to V1, and does not affect GMX V2, its markets, liquidity pools, or the GMX token itself.
According to blockchain security firm SlowMist, the attacker exploited a design flaw in how total assets under management were calculated, manipulating the GLP token price.
This incident highlights the persistent security risks in DeFi and adds to the growing list of crypto platform breaches in 2025.