GMX hacker chooses to "become a white hat" and returns $40.5 million! Receives a $4.5 million bounty, $GMX rebounds 16%

The decentralized perpetual futures trading platform GMX has seen a reversal in the aftermath of the hacking incident, with hackers currently returning over 96% of the funds, leaving only $4.5 million as a white hat bounty. (Background: GMX announced a report of $42 million hacked: "Re-entrancy vulnerability" exploited by hackers, how will they compensate users?) (Supplementary background: GMX lost not just money, but also status) On July 9, the V1 deployment of GMX on Arbitrum suffered a significant hacking attack, resulting in a loss of approximately $42 million. The attacker exploited a "re-entrancy attack" vulnerability in the smart contract, bypassing the PositionRouter and PositionManager contracts, directly calling the increasePosition function in the Vault contract, manipulating the average short price of BTC from $109,505.77 down to $1,913.7. Subsequently, the hacker used flash loans to purchase GLP (GMX liquidity token) at a price of $1.45, opening a position of $15.38 million, pushing the GLP price above $27 and cashing out significant profits. The stolen assets included approximately $10 million in FRAX, $9.6 million in wBTC, and $5 million in DAI. GMX quickly took action, suspending trading on Avalanche and contacting Arbitrum, exchanges, and stablecoin issuers to track the funds while confirming that the V2 version has no similar vulnerabilities. On July 11, the hacker began returning funds. Then, just two days after the incident, things took a turn. On July 11, the hacker responded to GMX's on-chain message proposing a white hat bounty agreement, promising to "return the funds later." This agreement allowed the hacker to return 90% of the stolen funds (approximately $37.8 million) within 48 hours, while allowing the hacker to keep 10% (approximately $4.2 million) as a white hat bounty, exempt from legal prosecution. Less than an hour later, the hacker began returning funds in batches, with the first batch being $10.49 million in FRAX stablecoin, followed by approximately $32 million of assets (originally in various assets, later converted to about 11,700 ETH). According to tracking by PeckShield and Lookonchain, the hacker ultimately returned about $40.5 million, accounting for over 96% of the stolen funds. The return process was completed on the Arbitrum blockchain, with relevant transaction records being publicly transparent, showing significant results from GMX's negotiations with the hacker. The hacker made millions. According to the agreement, the hacker retained approximately $4.5 million as a white hat bounty, higher than the originally proposed $4.2 million. The increase in this amount mainly came from the hacker's exploitation of market fluctuations, with the price of ETH rising from $2,600 to around $3,000 before returning the funds, earning an additional profit of about $3 million. The final retained $4.5 million includes some ETH and other assets, sourced from the profits realized after manipulating the GLP price during the attack. GMX token price rebounds. After the attack was disclosed, the price of GMX tokens was significantly impacted, dropping by about 30% within 24 hours. However, with the news of the hacker returning funds on July 11, market confidence gradually restored, and the GMX token price rebounded by about 16%, currently reported at $13.22, with a market capitalization of approximately $134 million. Source: CoinGecko Related reports In-depth analysis: Comparison of six major on-chain derivatives protocols: GMX, Synthetix… The largest GMX whale shorts $12 million of ETH! Currently facing a 75% loss and liquidation. Compound III launched on Arbitrum, supporting collateral of ARB, GMX, WETH, WBTC to borrow USDC. This article was first published in BlockTempo, the most influential blockchain news media.