GMX, one of the leading decentralized perpetual exchanges operating on Arbitrum and Avalanche, suffered a significant exploit on July 9, 2025. Widely trusted for its liquidity and efficient GLP vault system, GMX fell victim to a vulnerability in its cross-chain mint/redeem functionality, resulting in a staggering $42 million loss. This breach highlights a critical flaw in the smart contract logic, exposing the growing complexity and risks in DeFi’s cross-chain infrastructure.
What exactly happened?
The attacker exploited a flaw in the GLP minting/redeeming mechanism, enabling them to mint excessive GLP tokens and redeem them for more value than they contributed.
Key steps in the exploit:
- The attacker initiated a series of transactions and manipulated the timing of minting/redeeming actions.
- By exploiting a vulnerability likely tied to reentrancy or insufficient validation in the GLP contracts, they managed to inflate GLP balances.
- These inflated balances were used to withdraw assets from the protocol.
- Funds were quickly bridged out to Ethereum, with over $9.6M already moved at the time of detection.
Within hours, GMX suspended minting and redemption functions on both Arbitrum and Avalanche, but the damage was already done. The incident led to a 17% price drop in the GMX token and raised questions around audit coverage and real-time detection.
“Cross-chain vault logic is notoriously difficult to secure due to its asynchronous nature and the increased attack surface,” says Joao Simoes, Head of Web3 at Resonance Security. “At Resonance Security, we’re seeing an alarming trend: most exploits in 2025 stem not from new zero-days, but from business logic flaws in vaults, bridges, and rebasing tokens.”
Key learnings from this hack
This hack underscores the need for:
- Continuous Monitoring: Real-time alerts and anomaly detection systems should be non-negotiable for vaults and bridge mechanisms.
- Reentrancy Protection: Every state-changing function must be hardened against reentrancy, especially in mint/redeem flows.
- Cross-Chain Delay Buffers: Introduce delay mechanisms and guardrails when assets are minted on one chain and redeemed on another.
- Formal Verification + Post-Audit Reviews: Go beyond traditional audits; implement logic simulations for stress-testing economic assumptions.
- Incident Response Playbooks: Speed matters! GMX’s fast response is commendable, but an automated freeze trigger could have limited losses.
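The following is an added illustration, not GMX's code and not code from Resonance Security, of how three of the guardrails above fit together in a minimal share-based vault: a reentrancy lock on the mint and redeem paths, a per-account redemption delay combined with a per-transaction redemption cap, and an emergency freeze that a monitoring bot (the "guardian") can trigger without waiting for a human. The contract, the `GuardedVault` name, the one-hour delay and the 10% cap are all assumed values chosen for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal vault, added as an illustration only (not GMX's GLP code).
// Assumes a standard ERC-20 asset that returns a bool and takes no transfer fee.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function transfer(address to, uint256 amount) external returns (bool);
}

contract GuardedVault {
    IERC20 public immutable asset;      // underlying collateral token
    address public immutable guardian;  // e.g. the monitoring bot's key; may only freeze

    uint256 public totalShares;
    uint256 public totalAssets;         // tracked internally, never read from balanceOf()
    mapping(address => uint256) public shares;
    mapping(address => uint256) public lastMintTime;

    uint256 public constant REDEEM_DELAY = 1 hours;        // assumed delay buffer
    uint256 public constant MAX_REDEEM_BPS = 1_000;        // assumed cap: 10% of vault per tx

    bool public frozen;
    uint256 private _lock = 1;  // 1 = unlocked, 2 = locked

    event Minted(address indexed who, uint256 assetsIn, uint256 sharesOut);
    event Redeemed(address indexed who, uint256 sharesIn, uint256 assetsOut);
    event Frozen(address indexed by);

    // Simple mutex: any re-entry into a guarded function reverts.
    modifier nonReentrant() {
        require(_lock == 1, "reentrant call");
        _lock = 2;
        _;
        _lock = 1;
    }

    modifier notFrozen() {
        require(!frozen, "vault frozen");
        _;
    }

    constructor(IERC20 asset_, address guardian_) {
        asset = asset_;
        guardian = guardian_;
    }

    function mint(uint256 amount) external nonReentrant notFrozen returns (uint256 minted) {
        require(amount > 0, "zero amount");
        // Price shares from internally accounted assets so a token donation or a
        // balance change during the call cannot inflate what is minted.
        minted = totalShares == 0 ? amount : amount * totalShares / totalAssets;
        require(minted > 0, "rounds to zero");
        // Effects before interactions (checks-effects-interactions).
        shares[msg.sender] += minted;
        totalShares += minted;
        totalAssets += amount;
        lastMintTime[msg.sender] = block.timestamp;
        require(asset.transferFrom(msg.sender, address(this), amount), "transfer failed");
        emit Minted(msg.sender, amount, minted);
    }

    function redeem(uint256 shareAmount) external nonReentrant notFrozen returns (uint256 payout) {
        require(shareAmount > 0 && shares[msg.sender] >= shareAmount, "bad share amount");
        // Delay buffer: freshly minted shares cannot be redeemed in the same window.
        require(block.timestamp >= lastMintTime[msg.sender] + REDEEM_DELAY, "redeem delay active");
        payout = shareAmount * totalAssets / totalShares;
        // Per-transaction cap bounds the damage of any single mispriced redemption.
        require(payout * 10_000 <= totalAssets * MAX_REDEEM_BPS, "exceeds per-tx cap");
        shares[msg.sender] -= shareAmount;
        totalShares -= shareAmount;
        totalAssets -= payout;
        require(asset.transfer(msg.sender, payout), "transfer failed");
        emit Redeemed(msg.sender, shareAmount, payout);
    }

    // Automated freeze trigger: the guardian (a monitoring bot watching for
    // anomalous mint/redeem ratios) can halt both flows in one transaction.
    function freeze() external {
        require(msg.sender == guardian, "not guardian");
        frozen = true;
        emit Frozen(msg.sender);
    }
}
```

The design choice worth noting is that the freeze is a one-way switch held by a narrowly scoped key: the guardian can stop the vault but cannot move funds, so compromising the monitoring bot costs availability, not assets. Unfreezing would belong to a separate, slower governance path that this example deliberately omits.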
Closing Thoughts
The GMX exploit is not an isolated case, but a wake-up call for crypto projects operating in a multi-chain world. Security isn’t just about audits anymore; it’s about active, intelligent defense.
At Resonance Security, we help projects fortify their protocols with our suite of offensive simulations, continuous monitoring, and real-time detection tools. If you’re building cross-chain vaults, AMMs, or lending protocols, now is the time to get serious about runtime security.
Book a FREE exploration call to discuss with us how we can help you.
About the Author
Rhythm Jain is the Marketing Development Manager at Resonance Security, bringing several years of experience in marketing and business development. As a cybersecurity enthusiast turned marketing professional, he specializes in crafting strategies that amplify brand presence and drive user engagement across web2 and web3 ecosystems.