GMX has finalized its $44 million compensation plan for users affected by a July 2025 security exploit targeting its V1 GLP liquidity pool on Arbitrum. The exploit, caused by a reentrancy vulnerability in GMX V1 on July 9, allowed an attacker to manipulate Bitcoin short prices and drain approximately $42 million in assets.
Affected GLP holders can now claim distributions in GLV tokens—upgraded GMX Liquidity Vault tokens—mirroring pre-exploit asset compositions: 25% Wrapped Bitcoin (WBTC), 25% Ethereum (ETH), and 50% stablecoins. The GMX DAO covered a $2 million shortfall from its treasury and allocated $500,000 in retention incentives for users holding GLV tokens for at least three months.
Approximately 29% of the GLP supply held by the white-hat hacker was burned to restore proportional value. The attacker returned $37.5 million of stolen funds after accepting a 10% bounty, retaining $5 million. Despite the exploit, GMX V2 remained unaffected, with trading volumes and liquidity continuing to grow. Total Value Locked (TVL) has rebounded from $409 million post-exploit to over $600 million.
The GMX token price initially fell 28% but partially recovered. The DAO is developing tailored solutions for DeFi protocols using GLP, with redemptions expected to resume within 10 days. GMX V1 will be phased out in favor of V2.