$40 Million Crypto Heist: GMX Hacker Returns Funds for $5M Bounty, Dodges Legal Battle
A hacker who siphoned $40 million in cryptocurrency from the decentralized exchange GMX has returned nearly the entire haul in exchange for a $5 million payout. The breach ranked among the largest in DeFi history, yet events took an unexpected turn when the GMX team proposed a settlement to avert protracted legal entanglements.
Once the attack was detected, GMX reached out to the perpetrator with a straightforward proposition: surrender the stolen assets and receive a legitimate reward. Acknowledging the attacker’s technical prowess, GMX stressed that the choice between a lawful bounty and retaining illicit gains under threat of prosecution should be self-evident. The exchange also assured users that any losses would be covered from internal contingency funds.
Three days after the hack, the exchange of stolen funds for the bounty was complete. The attacker signaled compliance on-chain—“ok, funds will be returned later”—and began remitting the money in tranches of roughly $5 million. In total, about $40.5 million was restored: 10,000 ETH worth $30 million and an additional $10.5 million in FRAX tokens. GMX confirmed receipt.
The team later published a technical post-mortem outlining the vulnerability, which has now been patched. Founded in 2021, GMX claims more than 714,000 users and a cumulative trading volume of $305 billion.
Legal jeopardy for the hacker, however, is not entirely off the table. A precedent looms from 2022, when Avraham Eisenberg drained $110 million from Mango Markets. Despite returning $67 million under a private agreement, he was later prosecuted and, in 2024, convicted on multiple counts—including commodities fraud and market manipulation—and sentenced to four years and four months in prison.