Hacker Returns $20 Million Stolen from GMX v1 DEX After White Hat Bounty Offer

In an unexpected twist following a $40 million exploit on the GMX v1 decentralized exchange (DEX), the hacker responsible for the breach has begun returning the stolen funds after an intriguing onchain message from the attacker promised to do so. The incident highlights both the vulnerabilities in decentralized finance (DeFi) platforms and the potential for collaboration between hackers and platforms in resolving such breaches.

On Wednesday, GMX v1, the first iteration of the perpetual trading platform deployed on Arbitrum, suffered a significant exploit. The attacker exploited a design flaw in the system to manipulate the value of GLP tokens and drain various crypto assets from the platform. GMX, a prominent decentralized exchange known for perpetual trading, was hit hard, with the hacker stealing around $40 million in assets.

Hours after the exploit, an onchain message from the hacker appeared on the blockchain, which was flagged by PeckShield, a blockchain security firm. The message read:

“Ok, funds will be returned later.”

This surprising message signaled that the attacker was willing to return the stolen funds, accepting the white hat bounty that GMX had offered.

The Return of Stolen Funds: Over $20 Million Recovered
True to the hacker’s word, funds began to flow back into GMX’s designated Ethereum address about an hour after the message was sent. At the time of writing, the following amounts had been returned:

$9 million in Ether (ETH),
$5.5 million in FRAX tokens,
$5 million more in FRAX tokens, totaling $20 million worth of assets.

This left around $20 million still unaccounted for, but the funds that were returned marked a significant recovery for the GMX team.

In an effort to recover the stolen funds, GMX offered the hacker a $5 million bounty for returning the stolen assets. Recognizing the hacker’s skill in executing the exploit, the GMX team described the bounty as a “white hat bug bounty”.

“You’ve successfully executed the exploit; your abilities in doing so are evident to anyone looking into the exploit transactions,” the GMX team wrote in an onchain message.

GMX offered the bounty as an incentive for the return of the stolen funds, with the promise that the hacker could freely spend the $5 million bounty once the funds were returned. The team also made it clear that the bounty would be classified as a white hat reward, meaning it would be legally unchallenged, allowing the hacker to avoid the risks associated with spending stolen funds.

GMX’s Warning: Legal Action Looming
While the white hat bounty was a generous offer, GMX made it clear that they would pursue legal action if the stolen funds were not returned within 48 hours. The team emphasized that the hacker could keep 10% of the stolen funds (the $5 million bounty), as long as 90% was returned to the addresses specified by the GMX team.

This case raises interesting questions about the relationship between hackers and DeFi platforms. Could we see more white hat bounties in the future? It’s possible that, as the DeFi space matures, platforms may seek to avoid lengthy legal battles and instead offer financial incentives to hackers for returning stolen funds.

In the meantime, the GMX team’s quick response and willingness to offer a fair bounty in exchange for the return of the stolen funds has turned what could have been a disastrous event into a more manageable situation. However, the remaining $20 million will likely continue to be a point of contention, and the crypto community will be watching to see how this unusual situation unfolds.