TLDR
- GMX completes $44M payout for users affected by July’s exploit on Arbitrum.
-
GLV tokens are distributed, mirroring pre-exploit asset compositions.
-
GMX V2 remains unaffected by the exploit, continuing with strong liquidity.
-
GMX DAO provided $500K incentives for users holding GLV tokens for 3 months.
GMX, the decentralized perpetual exchange, has finalized a compensation plan for users impacted by the July 2025 security exploit that targeted its GLP pool on Arbitrum. The exploit, caused by a vulnerability in GMX V1, resulted in a loss of around $42 million. The compensation, totaling approximately $44 million, aims to restore value to the affected GLP holders.
The payout includes both recovered GLP funds and an additional $2 million from GMX’s treasury. Eligible GLP holders can now claim their distributions, which will be issued in GLV tokens, the upgraded version of GMX Liquidity Vault products. This distribution represents a significant effort to resolve the issue and provide restitution to the affected users.
Details of the GMX $44 Million Compensation Plan
The $44 million distribution plan is designed to make all affected users whole following the exploit. The GLV tokens distributed to eligible holders mirror the original GLP composition, which includes 25% Wrapped Bitcoin (WBTC), 25% Ethereum (ETH), and 50% stablecoins.
This composition ensures that users receive an asset mix similar to what they originally held before the exploit.
The GMX DAO also implemented a $500,000 retention incentive pool. Users who hold their distributed GLV tokens for at least three months will receive a pro-rata share of this incentive pool. This effort is aimed at encouraging long-term retention and stabilizing the value of the distributed tokens.
How the Exploit Happened
The exploit occurred on July 9, 2025, when a reentrancy vulnerability in GMX V1’s GLP pool allowed an attacker to manipulate short average prices for Bitcoin.
This manipulation enabled the attacker to withdraw more funds than originally deposited, leading to significant financial losses. The exploit resulted in a temporary halt of GLP trading, minting, and redemption on Arbitrum and Avalanche.
Despite the loss, GMX took swift action to address the situation. Within hours of identifying the issue, GMX sent an on-chain message to the attacker’s wallet, offering a 10% white-hat bounty for the return of 90% of the stolen funds. The hacker accepted the offer, and approximately $37.5 million of the stolen funds were returned.
Impact on GMX and the Transition to V2
While the exploit caused a temporary drop in GMX’s token price by up to 28%, the platform has seen a strong recovery. Total value locked (TVL) on GMX dropped from $480 million to $409 million but has since rebounded to over $600 million. The exploit has not affected GMX V2, which continues to see strong trading volumes and liquidity.
GMX V2, which operates on a more secure infrastructure, was unaffected by the exploit, and the platform has shifted its focus entirely to this upgraded version. The transition to V2 includes enhancements designed to prevent similar vulnerabilities in the future. The GMX team has emphasized that V1 will eventually be phased out in favor of V2, which offers a more robust and secure trading environment for users.
As GMX moves forward, the DAO is working on tailored recovery solutions for decentralized finance protocols that integrated GLP. This includes the resumption of GLP redemptions, which are expected to restart in about 10 days.
