GMX Hacker Returns Stolen Funds While Sending Remaining Amount to Tornado Cash

By: Isha Das

In a dramatic turn of events, the hacker responsible for the $40 million exploit on the GMX decentralized exchange has begun returning a significant portion of the stolen funds. This surprising development followed the hacker’s acceptance of a $5 million white hat bounty offered by the GMX team. In a noteworthy move, the hacker initiated the repayment process by sending an on-chain message affirming their intention to return the stolen crypto assets.

The security apparatus of blockchain, anchored by experts from firms like PeckShield, played a crucial role. They flagged the on-chain message where the hacker declared, "Ok, funds will be returned later," signaling a shift in the hacker's approach. Within an hour, the process of returning the crypto commenced, with the GMX Exploiter 2 address remitting approximately $9 million in Ethereum (ETH) to the address specified by the GMX team, showing a concerted effort to adhere to the agreed bounty conditions.

However, the narrative took another twist as a portion of the funds was directed to Tornado Cash, a popular Ethereum mixer known for obfuscating transaction histories and preserving the anonymity of involved parties. This move raised concerns about the ultimate intentions of the hacker and the potential challenges it poses for tracing the remaining funds.

This incident underscores the complexities and evolving dynamics of decentralized finance (DeFi) security. The GMX team’s strategy to recover the funds via negotiation, combined with offering a substantial bounty, highlights an adaptive defense against cyber threats. Such scenarios also stimulate discussions around ethical hacking and the fine line between black hat and white hat activities. As the situation develops, the crypto community remains vigilant, keen to see how these events impact future security protocols within the DeFi space.