
SlowMist|Jul 11, 2025 03:43
Recent attack on GMX (@GMX_IO) resulted in over 42M in losses. Here’s a summary of our analysis:
Root causes:
1️⃣GMX v1 updates globalShortAveragePrices when opening shorts but not when closing.
2️⃣It immediately increases globalShortSizes on short position creation.
These flaws distorted the AUM (assets under management) calculation that GLP is priced from, allowing the GLP token price to be manipulated.
The attacker exploited this design flaw by abusing the Keeper's timelock.enableLeverage feature (which must be enabled to create large short positions) and used a reentrancy attack to open large short positions. This manipulated the global average price and global short size, artificially inflating the GLP price within a single transaction, after which the attacker profited by redeeming GLP.
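To make root causes 1 and 2 concrete, the following is a constructed Python model added for this summary; it is not GMX code. It mirrors v1-style global short bookkeeping with floats instead of fixed-point arithmetic (the re-weighting formula for the average price on open, and the "fixed" re-derivation on close, are simplifications assumed here), and runs a defender's invariant check: opening and closing a short at one unchanged price moves no real value, so AUM must not change. All pool values, sizes and prices are made up.

```python
from dataclasses import dataclass

@dataclass
class ShortLedger:
    """Simplified GMX v1-style global short bookkeeping (constructed model, not GMX code)."""
    pool_value: float               # USD value of the pool's assets
    short_size: float = 0.0         # stands in for globalShortSizes
    short_avg: float = 0.0          # stands in for globalShortAveragePrices
    fix_avg_on_close: bool = False  # True: also re-derive the average when shorts close

    def global_delta(self, price):
        """Unrealised PnL of all open shorts at `price`; positive = shorts in profit."""
        if self.short_size == 0:
            return 0.0
        return self.short_size * (self.short_avg - price) / self.short_avg

    def aum(self, price):
        """Shorts' unrealised profit is owed by the pool, so it is subtracted from AUM."""
        return self.pool_value - self.global_delta(price)

    def open_short(self, size, price):
        """Root causes 1+2: size grows at once; average re-weighted to keep total delta."""
        if self.short_size == 0:
            self.short_avg = price
        else:
            delta = self.global_delta(price)
            next_size = self.short_size + size
            self.short_avg = price * next_size / (next_size - delta)
        self.short_size += size

    def close_short(self, size, entry_price, price):
        """Realise the position's own PnL into the pool; v1 never re-derives short_avg here."""
        own_delta = size * (entry_price - price) / entry_price
        self.pool_value -= own_delta
        remaining = self.short_size - size
        if self.fix_avg_on_close and remaining > 0:
            remaining_delta = self.global_delta(price) - own_delta
            self.short_avg = price * remaining / (remaining - remaining_delta)
        self.short_size = remaining

def aum_drift_after_round_trip(fix_avg_on_close):
    """Open and close a short at one unchanged price (no real value moves), so AUM
    must not change. Returns (AUM before, AUM after) for a constructed scenario."""
    ledger = ShortLedger(pool_value=1000.0, fix_avg_on_close=fix_avg_on_close)
    ledger.open_short(100.0, 100.0)           # pre-existing shorts entered at 100
    price = 90.0                              # market falls: those shorts are in profit
    before = ledger.aum(price)
    ledger.open_short(1000.0, price)          # large short opened at 90 ...
    ledger.close_short(1000.0, price, price)  # ... and closed at 90: zero real PnL
    return before, ledger.aum(price)
```

With the v1 path the round trip leaves the stale average in place, so the pre-existing shorts' unrealised profit partly disappears from the books and AUM rises even though the pool holds exactly what it held before; the fixed path returns the same AUM before and after.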
According to @MistTrack_io:
1️⃣The attacker’s initial funds came from Tornado Cash; ultimately, 11,700 ETH flowed into address: 0x6acc60b11217a1fd0e68b0ecaee7122d34a784c1.
2️⃣Current balances include:
• Arbitrum: 10,494,796 Legacy Frax Dollar + 1.07 ETH (0xdf3340a436c27655ba62f8281565c9925c3a5221)
• Ethereum:
- 3,000 ETH (0xa33fcbe3b84fb8393690d1e994b6a6adc256d8a3)
- 3,000 ETH (0xe9ad5a0f2697a3cf75ffa7328bda93dbaef7f7e7)
- 3,000 ETH (0x69c965e164fa60e37a851aa5cd82b13ae39c1d95)
- 2,700 ETH (0x639cd2fc24ec06be64aaf94eb89392bea98a6605)
🔗Related links:
Attacker address: https://arbiscan.io/address/0xdf3340a436c27655ba62f8281565c9925c3a5221
Attack contract: https://arbiscan.io/address/0x7d3bd50336f64b7a473c51f54e7f0bd6771cc355
Vulnerable contract: https://arbiscan.io/address/0x3963ffc9dff443c2a94f21b129d429891e32ec18
Attack transaction: https://arbiscan.io/tx/0x03182d3f0956a91c4e4c8f225bbc7975f9434fab042228c7acdc5ec9a32626ef
Check out our latest article for a full breakdown of the attack and fund movements.⬇️
https://slowmist.medium.com/inside-the-gmx-hack-42-million-vanishes-in-an-instant-6e42adbdead0