More than $40 million stolen from GMX crypto platform

Decentralized exchange GMX said more than $40 million worth of cryptocurrency was stolen during an incident on Wednesday morning. 

GMX, which allows users to purchase and speculate on many different cryptocurrencies, published a statement on social media saying the company “experienced an exploit” and is conducting an investigation into how it occurred. GMX added that its platform had previously undergone “numerous audits from top security specialists.”

Several blockchain security companies confirmed the theft, tracking about $43 million in user funds exiting the platform. Trading on the platform has been disabled. 

The hacker laundered the stolen funds shortly after the theft, converting batches into ethereum as well as the U.S. dollar-pegged stablecoins USDC and DAI.

GMX was launched in 2021 and now claims to have 714,000 users and a total trading volume of $305 billion. 

Some people online criticized cryptocurrency companies for not being quicker about blacklisting addresses involved in criminal thefts, noting that the hacker briefly held nearly $30 million worth of USDC — the stablecoin controlled by corporate cryptocurrency giant Circle — before it was laundered further.

In a message to the hacker on the Ethereum blockchain, GMX acknowledged the incident and offered to pay them 10% of the stolen funds as a bounty if the other 90% was returned in 48 hours. 

GMX said it would not pursue litigation if the funds were returned — a dubious legal claim several cryptocurrency companies have made in an effort to coax hackers into returning stolen money. Federal prosecutors have previously been willing to charge crypto hackers regardless of victim cooperation. 

The company and security experts offered technical advice to other connected platforms on how to protect themselves from the vulnerability. 

Two weeks ago, the decentralized finance platform Resupply was hacked and had $10 million in cryptocurrency stolen. 

Blockchain security company TRM Labs said that in the first half of 2025, $2.1 billion was stolen from crypto exchanges and other digital asset operations in at least 75 confirmed cyberattacks — a 10% increase compared to the previous record set in 2022.

Even when experts excluded the North Korean theft of $1.5 billion from Dubai-based exchange Bybit, the company tracked more than $100 million in losses in four of the six months.


Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 
