$40M lost! – All about GMX’s V1 hack and what to watch out for

Key Takeaways

• GMX suffered a $40 million exploit, adding to over $2.5 billion in crypto losses this year. Rising threats from hacker groups prompt stronger security measures and spark calls for improved industry regulation.

The decentralized exchange GMX has confirmed a major security breach involving its GMX V1 GLP pool on Arbitrum [ARB], resulting in the loss of approximately $40 million.

In response, GMX disabled trading, minting, and redeeming of GLP tokens on both Arbitrum and Avalanche [AVAX] as the team investigates the exploit and works to contain further damage.

The vulnerability is limited to GMX V1—GMX V2, its token, and markets remain unaffected. Although the smart contracts had previously passed audits, the breach points to sophisticated manipulation of an undiscovered flaw.

As a precaution, all trading functions across supported networks have been paused. GMX’s core contributors are collaborating with external experts to identify the vulnerability and trace the attacker’s movements.

A detailed incident report will be shared after the investigation concludes. Users are advised to follow official GMX channels for timely updates.

2025 has seen a surge in crypto-related attacks

The GMX breach adds to a growing list of security incidents this year.

Reports show that losses from crypto hacks exceeded $2.5 billion in the first half of 2025. A major portion of that total came from a February attack on Bybit, which lost $1.4 billion.

As reported by AMBCrypto in June, Nobitex, a crypto exchange in Iran, was hit by a cyberattack. The attack was linked to a hacker group known as Gonjeshke Darande.

It caused more than $81 million in damage and forced Nobitex to halt services temporarily.

These attacks have followed no single pattern. Some involved smart contract exploits, others used phishing or insider access. Hackers continue to find new ways to target both DeFi and CeFi platforms.

State-backed actors’ illicit moves

The U.S. Treasury imposed sanctions on Song Kum Hyok, a North Korean hacker group.

Officials accused the group of breaching several crypto platforms and defense contractors. They used fake identities and phishing schemes to gain internal access.

Their tactics involved more than just technical breaches. They also targeted staff through social engineering and psychological manipulation. This strategy made it easier to compromise sensitive systems and extract assets.

Such attacks show how state-backed groups have expanded their reach into crypto markets. These campaigns combine political motives with economic goals.

Industry response focuses on security and user protection

In the wake of these attacks, DeFi platforms have begun to adjust their risk controls.

GMX’s fast action to disable trading shows a trend toward quicker incident response. Projects are now applying stricter security audits and broader monitoring systems.

Users have been asked to stay alert and avoid interacting with unofficial links. Many phishing campaigns tend to follow right after large-scale exploits.

The rise in security incidents has led to growing discussions on regulation. Some believe stricter oversight may help protect funds. Others argue that better code and smart contract reviews offer a more effective solution.

The GMX exploit, combined with other attacks, shows that 2025 is a high-risk year for crypto. Stakeholders may need to rework their approaches to security and community safety.