GMX DEX Suffers $42M Exploit, Bounty Launched

Crypto news is seemingly rife with stories about security breaches. Even the biggest platforms and exchanges suffer their share, which is why security is one of the biggest concerns for critics both inside and outside of the industry.

Decentralized exchange GMX is just the latest example of those concerns. A crypto hacker managed to drain a whopping $42 million from decentralized cryptocurrency exchange GMX in a move that has become less than shocking to the crypto community. The developments, however, have been a bit more surprising.

Hacker Returns Funds

The biggest part of the story is that a hacker managed to steal $42 million in crypto from the decentralized exchange GMX. What few saw coming was the hacker themselves returning the amount after GMX offered a bounty for the return of the stolen funds.

The hacker was given a reward of $5 million as a result. GMX announced these developments on their own X social media account. In those posts, they noted that the hacker managed to exploit a known vulnerability in the Arbitrum-based liquidity pool, leading to the theft of $42 million in total crypto assets.

After transferring at least part of the stolen funds to an unknown crypto wallet, the hacker has since returned all of the funds. GMX has since confirmed that they have received the remaining funds – minus the $5 million bounty – and are now holding them securely in the GMX Security Multisig.

GMX, a decentralized autonomous organization (DAO), is working to create a distribution plan for those recovered funds, which will ultimately go to the GMX community for final approval.

More About the Exploit

As for the exploit itself, it was labeled as a re-entrancy attack. The attack took place on July 9. A re-entrancy attack targets smart contracts that make a call to another smart contract before updating their own state. This gives a small window for an external, malicious contract to call back in before that update happens.

GMX has tried to assure users that the exploit is limited to GMX V1. It assures users that V2 is covered and that its liquidity pools and markets (and the ecosystem's native asset) remain unaffected by hacks of this kind.

The return of $37 million in funds has resulted in a positive market rebound for GMX. Just 24 hours after the news of the returned funds, GMX saw an increase of 18.4% over its previous price.

If anything, events like these highlight why security in the cryptocurrency space is so important. When it comes to exchanges, there is always the potential for a hacker to attack. That GMX incentivized the hacker to return the stolen funds is interesting in itself. It also shows how resilient the GMX ecosystem has been, able to rebound from this exploit and bring measures about to make sure that something like this doesn’t happen again.

Could This Have Been Prevented?

The general feeling is that this kind of attack could have been prevented by GMX. The issue at hand is a lack of validation of the account parameter in executeDecreaseOrder. If the protocol had enforced a check to ensure that the caller in question was an EOA (externally owned account), using EIP-7702-like methods to keep contracts from masking themselves as users, the attack vector could have ultimately been blocked.

Other methods could have been instituted to prevent an attack like this from occurring. Re-entrancy guards, for starters. Checking for contract code presence, using better gas refund logic (one that doesn’t allow mid-flow hijacking), and validating the call sequence using router layers are just a few of the things that could have been done.
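
The ordering problem and two of the fixes named above can be seen in a small Python model. This is an added example, not GMX's code and not part of the original article: the Pool class, its three modes and the account names are hypothetical, and the receiver is a test harness standing in for an external contract.

```python
# Toy model, constructed for illustration; not GMX's contracts.
class ReentrancyError(Exception):
    pass

class Pool:
    def __init__(self, deposits, mode):
        self.balances = dict(deposits)          # credit owed to each account
        self.reserve = sum(deposits.values())   # funds the pool actually holds
        self.mode = mode                        # "vulnerable", "cei" or "guard"
        self._locked = False

    def withdraw(self, account, receiver):
        if self.mode == "guard":
            if self._locked:                    # already inside withdraw()
                raise ReentrancyError("re-entrant call rejected")
            self._locked = True
        try:
            amount = self.balances.get(account, 0)
            if amount == 0 or amount > self.reserve:
                return 0
            if self.mode == "cei":
                self.balances[account] = 0      # effect before interaction
            self.reserve -= amount
            receiver(self, amount)              # external call: control leaves the pool
            self.balances[account] = 0          # late update (the flaw in "vulnerable")
            return amount
        finally:
            if self.mode == "guard":
                self._locked = False

def run(mode, reentries=3):
    """Pay out to a receiver that calls back into withdraw(); return (paid, reserve)."""
    pool = Pool({"alice": 100, "bob": 100, "carol": 100, "tester": 100}, mode)
    paid = []

    def receiver(p, amount):                    # test harness standing in for a contract
        paid.append(amount)
        if len(paid) <= reentries:
            try:
                p.withdraw("tester", receiver)
            except ReentrancyError:
                pass                            # guard refused the nested call

    pool.withdraw("tester", receiver)
    return sum(paid), pool.reserve

if __name__ == "__main__":
    for mode in ("vulnerable", "cei", "guard"):
        print(mode, run(mode))
```

In the "vulnerable" mode the account's credit is still non-zero during the external call, so each nested call is paid again; zeroing the credit first ("cei") or locking the function ("guard") limits the payout to the original credit.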

The Pros and Cons of Using a Decentralized Cryptocurrency Exchange

Cryptocurrency exchanges provide a convenient place to buy, sell, and trade your preferred crypto tokens. That said, there are upsides and downsides to participating in one, especially if you go for one that is totally decentralized.

Given that decentralized exchanges are gaining serious traction because of the control they give users, it is important to know what you are getting into before signing up. There are inherent benefits to using a decentralized platform, but there are definitely drawbacks as well.

Pros

For starters, using a decentralized platform gives full custodianship over assets to the user. This ultimately reduces the need for a third party, which can become convoluted and expensive depending on the platform.

Additionally, there is less personal information required, so privacy is enhanced. Users also have access to decentralized financial services, a market that has been growing exponentially. Finally, the fees on trades tend to be much lower compared to centralized exchanges.

Cons

On the downside, user responsibility for securing private keys is much higher. Losing that key can lead to a permanent loss of assets. For new users, this can be a more complex process.

Most decentralized exchanges also have limited support when it comes to fiat-to-crypto transactions. They generally don’t support them, so users need to find other means. Finally, many DEXs have lower liquidity, which presents higher slippage issues.

How to Use a Decentralized Exchange

Still want to get involved in a decentralized exchange? There are a few simple steps that will help you get started on the right foot:

· Find your exchange. The hardest part of this process is narrowing down your options. Each has its benefits and downsides, so take the time to do your homework so that you can find a decentralized exchange that meets your needs. Just remember that when you create a new wallet, your private key will remain in your control. Store it somewhere safe so that you don’t lose it.

· Fund your wallet. After you are set up with a new wallet, it is time to fund it. You can generally fund your wallet using BNB, ETH, BTC, or other top coins. You can do this by buying coins from a centralized exchange and adding them to your wallet.

· Download your app. Having access to funds on the go is pivotal, so make sure to set up the mobile app. You can connect your wallet and access it from anywhere.

· Start trading. You can buy, sell, and trade via any exchange. Typically, you will be required to pair your token, which typically involves entering an amount and completing the transaction.

A Strong Response from GMX

Though the hack is not something that a decentralized exchange wants to see happen, GMX seems to have handled the situation appropriately. It highlighted an exploit within its smart contract system, something that has already been addressed and (hopefully) dealt with.

In the end, users incur risk when it comes to trading on a cryptocurrency exchange. Those risks tend to be much higher when it comes to decentralized exchanges, but GMX showed that even major issues can be handled properly. As always, decentralized exchange users must remain vigilant in their own security measures. Cold storage wallets are always the superior option when combatting these issues.

Ryan Womeldorf
Ryan is a freelance writer of more than a decade with a background in sports, cryptocurrency, DIY, and more. He is a business development professional, and you can find him currently at The Hockey Writers and as a guest poster on a litany of blogs and websites writing about just about any topic under the sun.