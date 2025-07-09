Decentralized Finance (DeFi) platform GMX has been hacked for $42 million, with concerns growing that the widely forked codebase may lead to repeat attacks.

Stablecoin issuer Circle came under fire for what was seen as a slow response to the incident, after it missed its chance to freeze a significant portion of the stolen funds.

In the hour following the attack, the hacker bridged millions of USDC from the Arbitrum network to Ethereum before swapping the USDC for DAI, which cannot be frozen.

.@GMX_IO has been exploited for ~$42M. The exploiter has bridged ~$9.6M worth of cryptos to #Ethereum. pic.twitter.com/SKTC1ubVEI — PeckShield Inc. (@peckshield) July 9, 2025

Read more: DWF Labs-backed USDf depegs as red flags raised over quality of backing

The attack appears to be related to a bug in the GMX v1 code; security auditors BlockSec suspect that a reentrancy vulnerability is involved.

In addition to the $42 million stolen, the GMX token price is down approximately 25% since the hack, according to data from CoinMarketCap.

The GMX team acknowledged the hack via X, assuring that “the exploit does not affect GMX V2, its markets, or liquidity pools, nor the GMX token itself.” A developer has reached out to the attacker via an on-chain message, offering a 10% bounty for the return of funds.

Running circles around Circle

Various observers on X have pointed out the lack of action from USDC issuer Circle, which could have blacklisted the hacker’s address and frozen over $9 million of stolen funds.

The exploiter even used Circle’s own bridging tool to move 8 million USDC between the Arbitrum and Ethereum blockchains in order to swap it for the unfreezable DAI.

.@circle USDC freeze response time is an absolute joke



GMX exploiter address at some point held $30M in USDC and keeps swapping tokens for USDC with no blacklisting in sight



address holds $4.3m USDC right now



its been more than 1h since the exploit took place pic.twitter.com/3iGmCyI2Kf — ultra (@0x_ultra) July 9, 2025

Read more: Across Protocol accused of looting DAO treasury of $23M

Blockchain investigator ZachXBT, a frequent critic of Circle for its lack of action in the moments after hacks, chimed in, “Circle just does not care about the ecosystem.”

He claims to have alerted “multiple team members within minutes” after the hack, but to no avail. He also addressed Circle’s CEO, Jeremy Allaire, directly.

Others contrasted the rapid freeze of 1.3 million USDT0 (Tether and Everdawn Lab’s cross-chain version of USDT), which was briefly held by the exploiter, despite the fact that the transaction came just 23 seconds too late.

Are GMX forks going to be hacked too?

GMX was one of the darlings of DeFi’s last cycle as one of the first platforms to offer trading of crypto perpetuals directly on-chain.

Launched in September 2021, GMX accrued over $350 million of total value locked (TVL) in the DeFi mania leading up to the collapse of UST/LUNA.

The platform’s TVL peaked in May 2023 at around $700 million, according to data from DeFiLlama.

Its popularity provoked an explosion of fast “forks,” new projects reusing an existing codebase in order to capitalize on the success of a new type of platform. Blockchain security firm Peckshield fears that the vulnerability exploited in GMX v1 may also be present in these forked projects.

You should withdraw all funds from any gmx v1 forks asap, there are loads it was the most copied dex a few years back — jmo (@cuntycakes123) July 9, 2025

Read more: Linea protocol ZeroLend is a ‘copy-paste’ Aave fork, linking to original’s docs

A total of $28 million could potentially be at risk across all v1 forks. DeFiLlama tallies 64 such projects, though only 13 hold more than $100,000.

GMX took to X to issue a warning to forks and provided potential mitigation measures, including disabling leverage and minting of GLP tokens.

Got a tip? Send us an email securely via Protos Leaks. For more informed news, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.