Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
On July 9, according to monitoring by MistTrack’s MistEye security system, the well-known decentralized trading platform GMX (@GMX_IO) suffered an attack, resulting in asset losses exceeding $42 million.
Analysis indicates that the core of this attack lies in the exploitation of two features: the use of leverage when the Keeper system executes orders, and the update mechanism where the global average price adjusts during shorting operations but does not update when closing short positions. Leveraging these mechanics, the attacker conducted a reentrancy attack to create large short positions, manipulating the global short average price and the size of the global short position. This, in turn, artificially inflated the price of GLP, which the attacker then redeemed for profit.
Following negotiation, the attacker returned all stolen funds and received a $5 million bounty.
Attack method (per SlowMist): Contract Vulnerability. Reported loss: $42,000,000.
- chain: —
- protocol: GMX
- bug_class: reentrancy
- date_occurred: 2025-07-09
- loss_usd: $42,000,000
- source_id: sm:gmx::2025-07-09