The attacker who exploited the GMX v1 decentralized exchange (DEX) and stole $40 million in crypto started returning the stolen funds after sending an onchain message promising to return the crypto taken during the hack.
In an onchain message flagged by blockchain security firm PeckShield, the hacker wrote that the funds will be returned. “Ok, funds will be returned later,” the exploiter wrote in an onchain message, accepting the bounty offered by the GMX team.
Hacker begins returning stolen crypto
Almost an hour later, the hacker started returning the crypto stolen from the attack. At the time of writing, the address labeled GMX Exploiter 2 returned about $9 million in Ether (ETH) to the Ethereum address specified by the GMX team in an onchain message.
Furthermore, PeckShield flagged that the attacker returned about $5.5 million in FRAX tokens to the GMX team. After a while, the hacker returned another $5 million in FRAX tokens to the GMX address.
At the time of writing, about $20 million in assets had already been returned to GMX.
The exploit on Wednesday targeted a liquidity pool on GMX v1, the first iteration of the perpetual trading platform deployed on Arbitrum.
The attacker drained various crypto assets from the platform after exploiting a design flaw that allowed the attacker to manipulate the value of GLP tokens.
GMX offered a $5 million bounty to the attacker
In an X post, the GMX team recognized the abilities of the hacker and offered a bounty of $5 million for the return of the funds stolen during the attack.
The team promised that the amount would be categorized as a white hat bounty that the hacker could freely spend as soon as the funds were returned.
“You’ve successfully executed the exploit; your abilities in doing so are evident to anyone looking into the exploit transactions,” GMX wrote. “The white hat bug bounty of $5 million continues to be available.”
The GMX team said that this would allow the hacker to remove the risks associated with spending stolen funds. The team even offered to provide proof of the source of funds should the hacker require it.
On the other hand, the GMX team threatened to pursue legal action if the hacker did not return the stolen funds.
In an onchain message, the GMX team told the hacker they would pursue legal action in 48 hours if the funds were not returned.
In the message, the team said the hacker can take 10% of the stolen funds as a white hat bounty reward as long as 90% of the crypto is returned to the addresses they specified.
Related: Brazil’s central bank service provider hacked, $140M stolen
Magazine: Coinbase hack shows the law probably won’t protect you — Here’s why
Read the full article here
