Lower than 48 hours after siphoning about $42 million in cryptocurrencies from the decentralized buying and selling platform GMX, the hacker accountable for the assault has begun to return the stolen loot.
In accordance with an replace from the on-chain sleuth PeckShield, the GMX exploiter has returned at the very least $40.5 million in crypto property, together with ether (ETH) and Legacy Frax Greenback (FRAX).
Root Reason for the Exploit
Recall that the hacker exploited GMX’s good contracts to steal the funds on July 9. A postmortem report from the agency confirmed that it was a re-entrancy assault. The exploiter took benefit of a wise contract perform that might not stop re-entrancy points inside the identical good contract.
This design flaw on GMX V1 enabled the prison to position a number of calls inside one perform and brought on the contract to calculate the mistaken stability. They have been in a position to artificially inflate the worth of GLP, which is the liquidity supplier token for GMX.
After the breach, they stole a number of property, together with Wrapped bitcoin (WBTC), FRAX, and DAI. They finally bridged the funds from Arbitrum to Ethereum and transformed all, besides FRAX, to 11,700 ETH.
Whereas the hacker made these strikes, GMX dropped an on-chain message, providing a ten% white hat bounty in change for the stolen funds. The proposal would final for 48 hours, with a promise of no authorized penalties.
Hacker Returns Stolen Funds
Earlier right this moment, the hacker responded to GMX’s 10% bounty providing, with a message that learn: “Okay, funds shall be returned later.” They first returned $10.49 million FRAX to the GMX Safety Committee Multisig deal with. The remaining $32 million, which have been swapped for ETH earlier, have additionally been returned in batches.
Notably, the $32 million ETH was price $35 million right this moment following the spike in ether’s value. The hacker took the $3 million revenue and returned the unique quantity. Due to this fact, they took a bounty of roughly $4.5 million and returned a complete of $40.5 million.
In the meantime, GMX has confirmed that the incident didn’t have an effect on its V2 protocol, because the chain doesn’t have the vulnerability that enabled the assault on V1. The staff has lifted the minting caps it positioned on liquidity tokens for GMX V2 on Arbitrum and Avalanche.
GMX, the native token of the GMX platform, has additionally recovered from a sudden dip brought on by the incident. Information from CoinMarketCap reveals the asset is up over 13% right this moment.
The publish GMX Hacker Returns Stolen $40 Million, Accepts $5M Bounty appeared first on CryptoPotato.