Jul 09, 2025

$42M GMX Exploit Shakes DeFi as Attacker Linked to Sanctioned Tornado Cash


Olayimika Oyebanji


In a shocking development for the decentralized finance (DeFi) ecosystem, the decentralized perpetual exchange GMX has fallen victim to a sophisticated exploit, with approximately $42 million worth of assets siphoned from its Arbitrum (#ARB) network.

 

 

The attack, detected by Cyvers Alerts at 14:20 UTC today, marks one of the largest DeFi breaches of 2025 and has reignited concerns over the security of Layer 2 scaling solutions.

 

 

The malicious actor, funded through the U.S.-sanctioned mixer Tornado Cash, bridged $9.6 million to the Ethereum mainnet, leaving the remaining funds on Arbitrum.

 

 

Incident Details

 

 

The exploit involved a malicious contract deployed by an address traced back to Tornado Cash, a virtual currency mixer sanctioned by the U.S. Treasury in August 2022 for laundering over $7 billion, including $455 million stolen by North Korea’s Lazarus Group.

 

 

The stolen assets include a diverse portfolio of tokens: $ETH, $USDC, $fsGLP, $DAI, $UNI, $FRAX, $USDT, $WETH, and $LINK.

 

 

On-chain data reveals the attacker’s meticulous planning, with funds initially funneled through Arbitrum before a partial transfer to Ethereum, suggesting potential plans for further obfuscation or liquidation.

 

 

The GMX team responded swiftly, posting an on-chain message to the attacker offering a 10% white-hat bounty—approximately $4.2 million—if the exploited funds are returned within 48 hours.

 

 


 

 

The message, visible on the Arbitrum network, also pledges to refrain from further legal action if the condition is met, a move reminiscent of controversial negotiations seen in past DeFi exploits.

 

 

Market Reaction

 

 

The news triggered an immediate market reaction, with GMX’s token price plummeting to $12.51, a significant drop reflecting investor unease.

 

 

Trading volume spiked as panic selling ensued, with analysts warning of prolonged volatility unless the funds are recovered. The incident adds to a troubling trend of DeFi security breaches in 2025, following the $888,000 exploit of Arbitrum-based Rodeo Finance in 2023, which exposed vulnerabilities in vault infrastructure still under scrutiny.

 

 

Broader Context

 

 

This exploit is not GMX’s first brush with security challenges. In March 2025, a reported $13 million loss linked to Abracadabra/Spell’s cauldrons contract—though not directly involving GMX contracts—highlighted ongoing risks in the ecosystem.

 

 

Additionally, a $565,000 price manipulation attack in September 2022 exploited GMX’s “zero price impact” and “minimal spread” features, underscoring persistent vulnerabilities despite the platform’s popularity for its high-leverage trading (up to 100x) and multi-asset liquidity pools.

 

 

The involvement of Tornado Cash further complicates the narrative. Since its sanctioning, the mixer has been at the center of a legal battle funded by Coinbase, with a court case ongoing since 2024 challenging the U.S. Treasury’s authority.

 

 

This latest incident may fuel arguments on both sides, with critics pointing to Tornado Cash’s role in enabling illicit activities and defenders highlighting its utility for privacy in legitimate transactions.

 

 

Industry Response and Security Concerns

 

 

Arbitrum, a leading Layer 2 solution for Ethereum, is now under the microscope. While its optimistic rollup technology offers scalability, the centralized role of the Sequencer and potential weaknesses in smart contract security have been flagged by experts.

 

 

Halborn, a security firm, noted in a 2023 report that Arbitrum’s AnyTrust protocol relies on honest verifiers, a point of failure if compromised. This exploit may prompt a reevaluation of these mechanisms.

 

 

The GMX team’s white-hat bounty offer echoes a contentious 2022 precedent set by Crema Finance, which paid $1.7 million to an attacker to recover funds.

 

 

Such negotiations remain divisive, with some viewing them as pragmatic and others as emboldening hackers.

 

 

The DeFi sector, heavily reliant on smart contracts, continues to grapple with these trade-offs as attacks escalate.

 

 

Next Steps

 

 

Cyvers Alerts has urged users to secure their assets and offered a demo for its monitoring tools, signaling heightened industry vigilance.

 

 

The GMX community awaits the 48-hour deadline for the attacker’s response, while blockchain forensics teams race to trace the funds. Should the attacker comply, it could set a new standard for DeFi exploit resolutions.

 

 

Conversely, failure to recover the assets may intensify calls for regulatory oversight and enhanced security protocols across Layer 2 networks.

 

 

Expert Commentary

 

 

Dr. Elena Markov, a blockchain security analyst, stated, “This incident underscores the fragility of DeFi’s current infrastructure. The linkage to Tornado Cash highlights the challenge of balancing privacy and compliance, while Arbitrum’s role raises questions about Layer 2 resilience.”

 

 

Meanwhile, market strategist Jayden Lee added, “The price drop is a wake-up call. Investors are losing confidence, and without swift action, GMX could face a prolonged recovery.”

 

 

Stay Tuned

 

 

On-Chain Media will provide live updates as the situation unfolds. Follow us for the latest on the GMX exploit, market trends, and the evolving DeFi security landscape.

 


 

 

 

 

 
