Is the GMX Hacker a White Hat or Just Masking a $3M Exit Scam?

In a shocking move that has stunned the crypto community, the GMX Hacker has returned some of the swiped $42 million, but not all As reported by the Lookonchain. And this has left one pressing question: is this an exit scam or a bug bounty?

Source: Lookonchain

$42M Gone: The GMX Exchange Hack

On July 9, decentralized trading platform GMX Exchange on Arbitrum and Avalanche was the target of a huge hack. The GMX Hacker made off with approximately $42 million from the platform's GLP liquidity pool. Tokens such as USDC, WETH, WBTC, DAI, LINK, and FRAX were hacked, causing panic among users and a sudden 10% decrease in the platform's token prices.

The attack was initially detected when a suspicious wallet starting with "0xdf3340a4…" had its balance increased by over 800%. Blockchain security companies such as ExVul and DeBank promptly marked this activity as suspicious, and the platform subsequently confirmed the hack on social media site X.

A Planned Attack?

The hack looked as though it was planned. The attacker had financed their wallet days prior using Tornado Cash, a crypto mixer commonly utilized to conceal funds. This demonstrated clear planning and intent. As a response, the exchange immediately shut down trading, minting, and redeeming of GLP tokens on Arbitrum and Avalanche to prevent further losses.

The phisher utilized Circle's Cross-Chain Transfer Protocol (CCTP) to transfer stolen USDC from Arbitrum to Ethereum prior to swapping it into DAI. Several members of the community are now asking why Circle was not able to freeze stolen funds in a timely manner.

A $5M "White Hat" Deal

After remaining silent for a while, the phisher refunded $10.49m in FRAX and received a $5m white-hat reward provided by the platform. The agreement was meant to bring the saga to an end. But the narrative did not end there.

As a precaution, before sending back the funds, the phisher had converted the remaining stolen assets of approximately $32 million into 11,700 ETH.

Now, today, those 11,700 ETH are valued at approximately $35 million because of ETH's price increase. That is, the GMX Hacker made a profit of $3 million through the process.

Community Asks: Will ETH Be Returned?

Now comes the question of whether the phisher will pay back the entire 11,700 ETH or merely enough to equal the $32 million that was initially stolen and pocket the $3 million profit for themselves. If the GMX hacker pockets the additional ETH, some suspect this white-hat transaction could in fact be a veiled exit scam.

Up to now, only the FRAX has been returned, and the crypto world is waiting with bated breath. What the decision states will reveal a lot about the motivations of the hacker, ethical hacker or opportunist?

Final Thoughts

This has actually shocked the community. They returned some money that is a kind of relief, but the situation with ETH remains too unclear and it makes people restless. Was it a clever trick or honest bug-reporting, what the GMX Hacker has done will remain one of the major milestones in the security stories of DeFi.