Latest news with #PeckShield
Yahoo
11-07-2025
- Business
- Yahoo
GMX Exploiter Return $40M Days After Hack, Token Zooms Higher
The attacker who drained over $40 million from GMX's V1 contracts earlier this week has started returning funds, suggesting they've accepted the project's $5 million white-hat bounty. The first signs came Friday via an on-chain message: 'ok, funds will be returned later.' Hours later, over $10.5 million in FRAX was sent back to GMX's deployer wallet. Security firm PeckShield flagged the returns, which appear to be just the start, with more funds expected to follow. GMX is now trading at $13.15 having risen by 13% over the past 24 hours. Later on, over $40 million in various tokens were returned to the GMX Security Committee MultiSig address, Lookonchain noted. The breach, one of the largest DeFi exploits of the year, targeted GMX's GLP pool on Arbitrum. It exploited a re-entrancy flaw in the OrderBook contract, allowing the attacker to manipulate short positions on BTC, inflate GLP's valuation, and redeem it for outsized profits across USDC, WBTC, WETH, and FRAX. Reentrancy is a common bug that allows exploiters to trick a smart contract by repeatedly calling a protocol to steal assets. A call authorizes the smart contract address to interact with a user's wallet address. GMX responded by halting V1 trading and minting across both Arbitrum and Avalanche. A bug bounty worth more than 10% of the stolen funds was offered, with a promise of no legal pursuit if the full amount was returned within 48 hours (which the hacker seems to have adhered to as of European morning hours Friday). Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Yahoo
09-07-2025
- Business
- Yahoo
Decentralized Exchange GMX Exploited for $42M, Offers Hacker 10% White Hat Bounty
Decentralized perpetual exchange GMX has been exploited with over $42 million worth of crypto being stolen, according to blockchain security firm PeckShield. So far, $9.6 million worth of the funds have been bridged over to the Ethereum blockchain, which has become a natural path for hackers who then launder funds through token mixing protocol Tornado Cash. The rest of the $32 million remains on Abritrum, a layer-2 network that hosts the GMX exchange. More than $10 million worth of legacy frax dollar was stolen as well as $9.6 million of wrapped btc (wBTC) and $5 million of the dai stablecoin. GMX developers responded to the hacker, signing a message on-chain that read: "We want to offer a 10% white-hat bounty for the return of the exploited funds." A white-hat bounty is offered to ethical hackers who find vulnerabilities in protocols and in return receive a bounty. The exploit is another blight on a cryptocurrency industry that saw investors lose $2.5 billion to hacks and scams in the first half of 2025, according to a CertiK report. Sign in to access your portfolio
Yahoo
09-07-2025
- Business
- Yahoo
Another exchange hacked for $40M
Another exchange hacked for $40M originally appeared on TheStreet. The GMX crypto exchange got hacked for $41.9 million on July 9, the on-chain analytics platform Lookonchain posted on X. Launched in 2021, GMX is a decentralized spot and perpetual exchange that offers up to 100 times leverage in crypto trading. GMX confirmed on X that V1 on Arbitrum has suffered an exploit of approximately $40 million. The stolen funds have been transferred from the GLP pool to an unknown wallet, it added. The exchange said it has paused trading on GMX V1 and the minting and redeeming of GLP on both Arbitrum and Avalanche networks. It recommended users disable leverage, among other steps, to potentially mitigate the per the on-chain data on DeBank, the hacker still held $30.2 million on Arbitrum and bridged more than $11.6 million to Ethereum. PeckShieldAlert shared a message on X as per which the GMX developer seemed to acknowledge the exploit and offer a 10% white hat bounty to recover the stolen funds. No further legal action will be taken if the exchange succeeds in recovering 90% of the stolen funds within 48 hours, the message read. As per the on-chain analyst Arkham Intelligence, the hacker's wallet held $43.5 million at the time of writing. Among the cryptocurrencies the wallet holds are $10.5 million in Legacy Frax Dollar, $9.6 million in wrapped Bitcoin, $10.3 million in DAI, $5.8 million in wrapped Ethereum, $2.6 million in Ethereum, $2.2 million in USDC, and $1.3 million in USDT. An official followup announcement will be published once a full post-mortem has been done. When TheStreet Roundtable reached out to GMX on X for a comment on the development, the exchange's representative told us to wait for an official follow-up announcement to be published once a full postmortem has been done. Another exchange hacked for $40M first appeared on TheStreet on Jul 9, 2025 This story was originally reported by TheStreet on Jul 9, 2025, where it first appeared. Sign in to access your portfolio
Yahoo
17-06-2025
- Business
- Yahoo
Meta Pool, a Liquid Staking Protocol, Suffers $27M Exploit
Multi-chain liquid staking protocol Meta Pool suffered a smart contract exploit on Tuesday, resulting in the loss of $27 million. Blockchain security firm PeckShield reported that a bug in the protocol's staking contract allowed users to freely mint mpETH, the protocol's liquid staking token (LST). While an attacker managed to mint $27 million worth of the tokens, a lack of liquidity on Uniswap meant that they could only swap 10 ETH worth ($25,000). An Etherscan transaction before the exploit took place showed that an account labeled as "MEV Frontrunner Yoink" removed 90 ETH worth of liquidity from the pool. Meta Pool is yet to post any updates about the exploit on social media. Total value locked (TVL) for the project still stands at $75 million, according to DefiLlama, while the protocol's MPDAO governance token trades at $0.02 on minimal volume. The exploit continues a trend from May that saw investors lose $302 million to hacks, scams and exploits, according to in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Bloomberg
22-05-2025
- Business
- Bloomberg
Crypto DeFi Project Cetus Protocol Suffers Security Breach
Cetus Protocol, a decentralized crypto exchange and key liquidity provider on the Sui blockchain, lost more than $200 million in a security breach on Thursday, according to blockchain security firm PeckShield Inc. The project confirmed the incident in a post on X, formerly Twitter, stating that its smart contracts had been paused 'temporarily for safety' and that a full investigation is underway. 'The team is investigating the incident at the moment. A further investigation statement will be made soon,' the post said.
