$43 Million Stolen in a Morning — GMX Exchange Hack Halts Trading
The theft exposes a fundamental flaw in DeFi.
On the morning of July 9, decentralized exchange GMX fell victim to a major digital heist. An unknown attacker drained over $40 million in cryptocurrency from the platform. According to GMX representatives, the incident resulted from a vulnerability in the system. Trading was suspended immediately after the breach was detected.
The company stated on social media that its system had previously undergone multiple security audits by leading experts. Despite this, the defenses were compromised. Blockchain analysts tracking the stolen funds reported that approximately $43 million in user assets had been siphoned off.
Almost immediately after the theft, the stolen assets were laundered. The hacker converted them into Ethereum and dollar-pegged stablecoins (USDC and DAI). Notably, nearly $30 million in USDC briefly remained under the hacker’s control before being redistributed. This has sparked criticism of the crypto industry’s inability to swiftly freeze suspicious addresses—despite USDC being issued by Circle, a major corporation with the technical capability to block funds.
GMX’s Response: Negotiating with the Hacker
Founded in 2021, GMX claims 714,000 users and a total trading volume of $305 billion. Following the hack, the company attempted to contact the attacker via an Ethereum blockchain message, offering a deal: return 90% of the stolen funds and keep 10% as a "bounty." GMX also promised not to pursue legal action—a tactic used by other crypto firms in the past, though its legal enforceability remains questionable. Notably, U.S. federal prosecutors have previously filed charges even in cases where victims tried negotiating with hackers.GMX, alongside cybersecurity experts, issued warnings to other platforms that might be vulnerable to similar attacks. The threat isn’t limited to decentralized exchanges—other DeFi services could also be at risk.
A Growing Trend: DeFi Hacks on the Rise
This incident is far from isolated. In late June, hackers targeted Resupply, stealing $10 million in crypto. According to TRM Labs, $2.1 billion has been stolen from crypto exchanges and digital services in just the first half of 2025 across at least 75 confirmed attacks—a 10% increase over the previous record set in 2022. Even excluding the $1.46 billion Bybit hack, losses exceeded $100 million in four out of six months this year.This surge in digital crime raises serious concerns about the crypto industry’s security measures. Despite audits, internal protocols, and rapid response teams, vulnerabilities continue to net hackers multimillion-dollar payouts—while users suffer losses and eroding trust.
The question remains: Can DeFi ever be truly secure?
