After falling for a phishing scam, a GMX whale lost $3.4 million in GMX, the native currency of the decentralized trading platform GMX. The tokens were then sold on the open market.
On January 3, a number of community members saw strange GMX token trades. Security firms CertiK and PeckShield later recognized the transactions as part of an exploit that took $3.4 million worth of GMX tokens from a GMX whale.
The administrator of GMX's Telegram channel verified the phishing incident and made it clear that the GMX platform itself had no security flaws.
Security analysts PeckShield estimated that the attacker sent GMX worth roughly $3.4 million to another account and traded them for Ethereum. On-chain data shows that the perpetrator started taking money out of the victim's wallet on January 3 at 7 PM UTC. These stolen assets were bridged onto the Ethereum mainnet at an address that is believed to belong to the hacker.
82,519 GMX tokens were purportedly obtained by the hackers, who then exchanged them for 2,627 ETH, according to the data analysis program Lookonchain. The attackers then used the Hop and Across protocols to cross-chain the assets to the Ethereum network.
When questioned how they were certain that a hack had occurred, a moderator in the group replied that the team was in contact with the attack victim.
While the attack was occurring, the token's value dropped to below $37.8 before swiftly rebounding once more. At the time of writing, it is trading at around $41.5.
DeFi hackers were active over the holidays. On December 25, $12 million worth of digital assets were taken through a flash loan attack, wiping out Defrost Finance users. Flashloan attacks in December 2022 caused losses of about $7.6 million, up from about $5.2 million in losses in November, according to CertiK Alert.