Trusted

GMX DEX Reportedly Suffers $565,000 Exploit

2 mins
Updated by Ryan Boltman
Join our Trading Community on Telegram

In Brief

  • GMX, a DEX specializing in futures and perpetual futures, has been allegedly hacked.
  • PeckShield earlier estimated losses of $565,000, but the Tweet has since been deleted.
  • Some industry players believe that GMX's minimal spreads and low price impact for trading could open it up to exploitation.
  • promo

Decentralized exchange (DEX) GMX allegedly experiences price manipulation on the AVAX/USD pair in key exchanges.

Open interest in AVAX long perpetual futures has accordingly been capped at $2 million, while open interest in AVAX short perpetual futures has been limited to $1 million.

Perpetual futures are a type of open futures contract without a settlement date. GMX offers spot and perpetual futures, with more than $342 million locked up on Arbitrum, a layer-two ETH solution, and $67 million on Avalanche’s blockchain.

Layer-two solutions like Arbitrum help improve Ethereum scalability by bunching up transactions and transmitting them to layer-one as a single transaction. Doing so reduces Ethereum transaction costs and congestion.

GMX is a decentralized exchange that offers a low fee for perpetual futures and spot trading. It runs on Arbitrum and Avalanche. It allows users to borrow up to 30x their initial margin to amp up futures betting. GMX receives aggregated prices for its assets using Chainlink price oracles.

Attack vector allegedly compromises AVAX price

Earlier today, blockchain security company PeckShield announced on Twitter, “Seems like $GMX on Avalanche exploited, resulting in ~$565k profit. Be Alert.” The company has since deleted the tweet, with GMX tweeting that they are reviewing the situation.

Another Twitter user, @derpaderpederp, also noted the alleged issue,” Seems like @GMX_IO got exploited on $AVAX and are now drastically reducing OI availability on $AVAX trading. Very bad management of the @GMX_IO team after they were warned weeks and months ahead.”

In response to GMX’s announcement, one Twitter user commented, “How exactly can this vector of attack be mitigated since the price manipulation can happen off-site? So long the exchange uses a price oracle any mitigation actions will be post-fact.”

Zig-Zag co-founder weighs in

On Sep. 3, 2022, Twitter user and founder of Zig-Zag @derpaderpederp said that anyone with intimate knowledge of GMX could manipulate the price of ETH, or in this case, AVAX since trading incurs no price impact on GMX. The DEX’s website says,” Enter and exit positions with minimal spread and zero price impact.” A spread is a difference between an asset’s buy and sell rate.

They could take a long position, buying $50 million of AVAX on GMX. They could then buy $40 million of AVAX on a centralized exchange like Binance or Coinbase at an elevated buy price. Upon closing the long position on GMX and receiving a profit, they could open up a $20 million AVAX short position and sell $40M of AVAX back to the centralized exchanges at a discount, pocketing a further profit.

This process can be repeated multiple times, draining the liquidity of GLP, the liquidity provider token on the GMX. GLP holds an index of assets used in leveraged trading on the platform. It can be minted using any index asset and burnt to redeem an index asset.

At press time, the company had not provided a way forward following the alleged hack.

For Be[In]Crypto’s latest Bitcoin (BTC) analysis, click here.

🎄Best crypto platforms in Europe | December 2024
eToro eToro Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
Coinbase Coinbase Explore
3Commas 3Commas Explore
🎄Best crypto platforms in Europe | December 2024
eToro eToro Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
Coinbase Coinbase Explore
3Commas 3Commas Explore
🎄Best crypto platforms in Europe | December 2024

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

David-Thomas.jpg
David Thomas
David Thomas graduated from the University of Kwa-Zulu Natal in Durban, South Africa, with an Honors degree in electronic engineering. He worked as an engineer for eight years, developing software for industrial processes at South African automation specialist Autotronix (Pty) Ltd., mining control systems for AngloGold Ashanti, and consumer products at Inhep Digital Security, a domestic security company wholly owned by Swedish conglomerate Assa Abloy. He has experience writing software in C...
READ FULL BIO
Sponsored
Sponsored