GMX Hacked: $40M Stolen in Major DeFi Cyber Heist
On the morning of July 9, the decentralized exchange GMX fell victim to a major cyber heist. An unidentified attacker siphoned off over $40 million worth of cryptocurrency from the platform. According to GMX representatives, the breach was the result of a vulnerability in the system. Trading was promptly suspended following the discovery of the incident.
The company announced on social media that its systems had previously undergone numerous audits by leading cybersecurity experts. Nevertheless, the protections in place proved insufficient. Blockchain analysts tracking the stolen funds estimated that approximately $43 million in user assets had been compromised.
Almost immediately after the theft, the stolen assets were laundered. The attacker converted them into Ethereum and U.S. dollar–pegged stablecoins—namely USDC and DAI. Notably, nearly $30 million in USDC remained under the attacker’s control for a brief period before being redistributed. This raised sharp criticism within the crypto community over the industry’s inability to swiftly block suspicious addresses—especially given that USDC is issued by the major corporation Circle, and is technically capable of being frozen.
Founded in 2021, GMX claims over 714,000 users and a cumulative trading volume of $305 billion. Following the breach, the company attempted to open communication with the hacker by sending an on-chain message via Ethereum. In it, GMX offered to return 90% of the stolen funds to the platform, allowing the attacker to keep the remaining 10% as a “bounty.” The company also pledged not to pursue legal action if the funds were voluntarily returned—an approach other crypto firms have also attempted, though its legal viability remains questionable. In past cases, U.S. federal prosecutors have pursued charges even when victims sought to negotiate with their attackers.
In collaboration with security experts, GMX has issued advisories to other platforms that may be vulnerable to similar exploits. The nature of the flaw suggests a broader threat that could affect not only decentralized exchanges but a wider array of DeFi services.
This incident is far from isolated. In late June, hackers targeted the Resupply platform and made off with $10 million in digital assets. According to TRM Labs, the first half of 2025 alone saw $2.1 billion stolen from crypto exchanges and digital services in no fewer than 75 confirmed attacks—a 10% increase over the previous record set in 2022. Even excluding the headline-making $1.46 billion Bybit heist, losses still exceeded $100 million in four of the past six months.
Such a dramatic rise in digital crime casts serious doubt on the resilience of current security measures within the cryptocurrency industry. Despite audits, internal protocols, and rapid incident responses, vulnerabilities continue to yield multimillion-dollar windfalls for attackers—leaving users with losses and eroding trust.
