The cyber attacker who looted millions from GMX’s V1 GLP pool earlier this week has turned a new leaf, and the stolen funds are now making their way back. According to on-chain movements flagged by PeckShield Alert, the GMX hacker has returned a total $37.5 million worth of the stolen assets to the protocol. Made in several transfers of ETH and FRAX around 8:00 AM UTC, the total sent so far represents nearly 90% of the $42 million drained just two days ago in the original exploit . The refund follows GMX’s public offer of a 10% bounty for the safe return of funds, with a 48-hour deadline and a promise not to pursue legal action. #PeckShieldAlert #GMX Exploiter has returned a total of $37.5M worth of cryptos, including ~9K $ETH & 10.5M $FRAX to the #GMX Security Committee Multisig address pic.twitter.com/yBar1dp0Is — PeckShieldAlert (@PeckShieldAlert) July 11, 2025 “Ok, funds will be returned later,” the hacker wrote in response via an on-chain message before following through with the fund transfers. You might also like: $2.4B lost in 2025 H1 crypto hacks — exchanges and DeFi hit hardest: report The native token GMX (GMX) jumped 16% on the development, modestly recovering from the 28% drop it suffered in the immediate aftermath of the exploit. While GMX is yet to publicly acknowledge receipt, the protocol thanked the hacker on-chain. “Thank you, we greatly appreciate this,” the team wrote . It remains unclear whether the attacker intends to return the remaining funds from the exploit, estimated to be around $4.5 million. The GMX hack ranks among the largest industry exploits so far this year. Other high-profile victims include Bybit , which suffered a $1.4 billion hack executed by the infamous North Korean hacker group Lazarus , and Cetus Protocol, which was drained for $223 million. Like GMX, Bybit also offered a 10% bounty to recover the funds. However, it has yet to reclaim any of the stolen assets. Read more: Cetus Protocol relaunches with new roadmap and compensation plan after $223m exploit
