The attacker returned almost all the funds stolen from the GMX protocol. He accepted the $5 million reward offered by the project team.
[td]Source: x.com[/td]An unknown person has withdrawn assets from the GLP coin pool to GMX V1 on the Arbitrum network . The hack affected USDC, FRAX, wBTC, and wETH.
The GMX team sent an on-chain message to the hacker. They offered him 10% of the amount as a reward and promised not to prosecute him if he returned the remaining 90% within 48 hours.
The hacker responded:
[td]"Okay, the funds will be returned later."[/td]Shortly after, he sent two tranches of 5.5 million FRAX and 5 million FRAX to the GMX address. The hacker later returned about 9,000 ETH (~$27 million).
Following the incident, the native GMX token fell by 28% to $10.45. Amid the news of the refund, the price rose by 15.8%. At the time of writing, the asset is trading at $13.3.
In the hack report, the team confirmed that V1 on Arbitrum suffered from a reentrancy vulnerability in the OrderBook contract. This allowed the attacker to manipulate the price of Bitcoin and withdraw liquidity with a profit.
The developers emphasized that the second version of the protocol is not affected. In the future, minting and GLP redemption on the Arbitrum network will be disabled. The remaining funds will be used to compensate for losses to users.
As a reminder, in June, the Resupply stablecoin protocol lost about $9.5 million as a result of a hack. Hacker exploits vulnerability in exchange rate calculation system.
The GMX team sent an on-chain message to the hacker. They offered him 10% of the amount as a reward and promised not to prosecute him if he returned the remaining 90% within 48 hours.
The hacker responded:
Following the incident, the native GMX token fell by 28% to $10.45. Amid the news of the refund, the price rose by 15.8%. At the time of writing, the asset is trading at $13.3.
In the hack report, the team confirmed that V1 on Arbitrum suffered from a reentrancy vulnerability in the OrderBook contract. This allowed the attacker to manipulate the price of Bitcoin and withdraw liquidity with a profit.
The developers emphasized that the second version of the protocol is not affected. In the future, minting and GLP redemption on the Arbitrum network will be disabled. The remaining funds will be used to compensate for losses to users.
As a reminder, in June, the Resupply stablecoin protocol lost about $9.5 million as a result of a hack. Hacker exploits vulnerability in exchange rate calculation system.