07-10-2025

Hackers steal $40 million from GMX crypto exchange

Tetiana Nechet

Author of articles

Another hacker attack: cybercriminals exploited a vulnerability in the GMX V1 exchange protocol, which allowed them to steal $40 million worth of assets from the liquidity pool.

The manipulation was related to the calculation of the short average price. The GMX V1 exploit was caused by a reentrancy bug (a function callback). The entry point for the attack was a function in the OrderBook.sol smart contract. The attacker used reentrancy to call the increasePosition function in the Vault contract directly. Under normal circumstances, this function can only be called from the PositionRouter and PositionManager contracts, which ensure the correct calculation of the average price of shorts.

The average price of shorts affects the value of GLP, a multi-asset liquidity pool that serves as a source of collateral for trading on GMX, through the calculation of profit/loss (PnL). Users who provide liquidity to the GLP pool are compensated in the form of trading fees and GMX tokens. Taking advantage of the vulnerability, the attacker was able to manipulate the price of bitcoin shorts, reducing it from $109,505 to $1,913.

He then took out a flash loan to purchase GLP liquidity tokens at the real price of $1.45. The hacker then opened a position for $15,385,676. Due to the modified short loss calculations, the system calculated the losses as $859 million, which artificially inflated the value of GLP to more than $27. After that, the cybercriminal bought back GLP at this inflated price (shorted) and thus made $40 million, after which he withdrew the funds to an unknown wallet.
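The pricing effect described above, as an added Python sketch (not GMX code): it models the pool value as base assets plus the traders' unrealized short loss and runs a monitoring check that flags the manipulated state. The formula, field names, thresholds, GLP supply and mark price are assumptions chosen for illustration; the average prices, the position size and the $1.45 GLP price are the article's figures.

```python
from dataclasses import dataclass

@dataclass
class PoolSnapshot:
    base_aum_usd: float     # pool assets before unrealized short PnL (constructed)
    glp_supply: float       # GLP tokens outstanding (constructed)
    short_size_usd: float   # global open short size
    short_avg_price: float  # tracked global average entry price of shorts
    mark_price: float       # oracle price of the shorted asset (assumed)

def short_loss_usd(s: PoolSnapshot) -> float:
    """Unrealized loss of short traders, which the pool books as its own gain.
    Negative when shorts are in profit. Simplified model, not GMX's code."""
    return s.short_size_usd * (s.mark_price - s.short_avg_price) / s.short_avg_price

def glp_price(s: PoolSnapshot) -> float:
    """Pool value per GLP token under the simplified model."""
    return (s.base_aum_usd + short_loss_usd(s)) / s.glp_supply

def check(prev: PoolSnapshot, cur: PoolSnapshot,
          max_avg_dev: float = 0.5, max_price_jump: float = 0.2) -> list:
    """Return alert names for a snapshot pair; thresholds are hypothetical."""
    alerts = []
    # A tracked average far from the oracle price means the bookkeeping
    # no longer reflects positions that were really opened near market.
    dev = abs(cur.mark_price - cur.short_avg_price) / cur.mark_price
    if dev > max_avg_dev:
        alerts.append("short_avg_price_deviation")
    # The pool token should not reprice by a large factor between snapshots.
    jump = abs(glp_price(cur) - glp_price(prev)) / glp_price(prev)
    if jump > max_price_jump:
        alerts.append("glp_price_jump")
    return alerts

# Constructed snapshots: supply and base AUM are picked so GLP starts at $1.45.
SUPPLY = 33_000_000.0
BEFORE = PoolSnapshot(1.45 * SUPPLY, SUPPLY, 1_000_000.0, 109_505.0, 109_505.0)
AFTER = PoolSnapshot(1.45 * SUPPLY, SUPPLY, 15_385_676.0, 1_913.0, 109_505.0)

if __name__ == "__main__":
    print(f"short loss booked: ${short_loss_usd(AFTER):,.0f}")
    print(f"GLP price: {glp_price(BEFORE):.2f} -> {glp_price(AFTER):.2f}")
    print("alerts:", check(BEFORE, AFTER))
```

With the assumed mark price the model books a short loss in the same range as the $859 million the article reports, and both alerts fire on the manipulated snapshot.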

After the attack, trading on Avalanche. The following companies were engaged to help track and block the stolen funds: Arbitrum, exchanges, bridges, as well as stablecoin issuers Circle, Tether, and Frax.

GMX V2 was tested and found to have no such vulnerability, as all key calculations are performed in a single contract. In GMX V1, the contracts were split. As a precautionary measure, the limits on the issuance of GMX V2 liquidity in the Arbitrum and Avalanche networks were temporarily reduced. The restrictions were lifted after the causes of the exploit were identified and GMX V2 security was confirmed.

Currently, about $3.6 million of tokens are blocked in the GLP pool due to open positions. Approximately $500 thousand in fees (after deducting 30% from GMX) will be sent to the DAO for compensation. GLP minting and redemption on Arbitrum will be disabled. GLP minting on Avalanche will also be disabled, but GLP redemption will remain active there. After that, closing V1 positions on both networks will be allowed, but opening new positions will be prohibited. Users should cancel active orders on V1 manually.

GMX has offered hackers $5 million in rewards for returning funds.

Source: GMX

