The cyber attacker who looted millions from GMX’s V1 GLP pool earlier this week has turned a new leaf, and the stolen funds are now making their way back.
According to on-chain movements flagged by PeckShield Alert, the GMX hacker has returned a total $37.5 million worth of the stolen assets to the protocol. Made in several transfers of ETH and FRAX around 8:00 AM UTC, the total sent so far represents nearly 90% of the $42 million drained just two days ago in the original exploit.
The refund follows GMX’s public offer of a 10% bounty for the safe return of funds, with a 48-hour deadline and a promise not to pursue legal action.
“Ok, funds will be returned later,” the hacker wrote in response via an on-chain message before following through with the fund transfers.
The native token GMX (GMX) jumped 16% on the development, modestly recovering from the 28% drop it suffered in the immediate aftermath of the exploit. While GMX is yet to publicly acknowledge receipt, the protocol thanked the hacker on-chain.
“Thank you, we greatly appreciate this,” the team wrote.
It remains unclear whether the attacker intends to return the remaining funds from the exploit, estimated to be around $4.5 million.
The GMX hack ranks among the largest industry exploits so far this year. Other high-profile victims include Bybit, which suffered a $1.4 billion hack executed by the infamous North Korean hacker group Lazarus, and Cetus Protocol, which was drained for $223 million.
Like GMX, Bybit also offered a 10% bounty to recover the funds. However, it has yet to reclaim any of the stolen assets.
