The decentralized finance (DeFi) sector recently experienced a significant security incident as GMX, a prominent perpetual exchange, confirmed an exploit leading to an estimated $40 million loss. This breach specifically targeted the GMX V1 protocol’s liquidity pool, a crucial component operating on the Arbitrum network, highlighting persistent vulnerabilities inherent in older-generation DeFi architectures.
- GMX V1, a perpetual exchange, suffered an estimated $40 million exploit.
- The breach specifically targeted the GMX V1 protocol’s liquidity pool on the Arbitrum network.
- Following the incident, GMX suspended trading on GMX V1 and halted GLP token issuance/redemption across Arbitrum and Avalanche.
- The more recent GMX V2 protocol, its markets, and the GMX token remained unaffected by the attack.
- The exploit capitalized on a design flaw in V1’s short average price calculation, impacting Assets Under Management (AUM).
Immediately following the compromise, GMX initiated swift measures to contain the damage. The platform suspended all trading activities on GMX V1 and paused the issuance and redemption of its GLP tokens across both the Arbitrum and Avalanche networks. Users were also advised to adjust their settings, including disabling leverage, to mitigate any further potential exposure. Crucially, the more recent GMX V2 protocol, along with its associated markets, liquidity pools, and the native GMX token, remained entirely unaffected by the attack, underscoring the effectiveness of its updated design and architecture.
Anatomy of the Exploit
Initial analysis, conducted in collaboration with specialized security partners, pointed to a highly specific attack vector within GMX V1. The manipulation centered on a flaw in how the short average price was calculated within the V1 system. Security firm SlowMist further elaborated on the underlying root cause, identifying a design flaw in GMX V1 where short position operations instantaneously updated global short average prices. This direct correlation significantly influenced the calculation of Assets Under Management (AUM), thereby creating an exploitable pathway for malicious actors.
Our initial analysis of today’s GLP exploit, conducted in collaboration with our security partners and lead auditor, still confirms that the attack vector is specific to GMX V1. The manipulation involved relates to the calculation of the short average price on V1, and the same… https://t.co/BbcUSaXy99
— GMX 🫐 (@GMX_IO) July 9, 2025
The attackers leveraged a re-entry exploit mechanism to open exceptionally large short positions, thereby manipulating these global average prices. This artificial inflation of GLP token prices, achieved within a single transaction, allowed the perpetrators to realize substantial profits through subsequent redemption operations. The GLP pool, which serves as the primary liquidity provider for the protocol and comprises a diversified basket of assets including Bitcoin, Ethereum, and various stablecoins, relies heavily on its integrity for the overall health of the ecosystem.
The root cause of this attack stems from @GMX_IO v1's design flaw where short position operations immediately update the global short average prices (globalShortAveragePrices), which directly impacts the calculation of Assets Under Management (AUM), thereby allowing manipulation… https://t.co/BIMtZAI1s7 pic.twitter.com/BIILFf8Mex
— SlowMist (@SlowMist_Team) July 9, 2025
Broader Industry Implications
This incident further compounds a troubling trend of escalating losses from security exploits across the broader cryptocurrency ecosystem in 2025. Cumulatively, losses stemming from security breaches within the industry have already surpassed an alarming $2.1 billion year-to-date. This figure includes other significant incidents such as a substantial $1.46 billion loss incurred by the Bybit exchange and an $81 million breach that impacted the Iranian exchange Nobitex.
The GMX team has publicly stated that it is actively investigating the incident and is committed to working towards a comprehensive resolution. This recent event unequivocally reinforces the critical need for significantly enhanced security measures across all decentralized finance platforms, particularly concerning the fundamental design of liquidity pools and the robustness of their underlying pricing mechanisms. The continuous evolution and sophistication of attack vectors necessitate proactive, rigorous, and ongoing auditing processes to effectively safeguard the integrity and stability of the decentralized financial infrastructure.
Senior Crypto Correspondent with over 8 years of experience covering Bitcoin, altcoins, and blockchain technology for leading financial publications. Alexander holds a master’s degree in Financial Economics and specializes in in-depth market analysis, regulatory updates, and interviews with top industry figures.