Following a devastating $42 million exploit that targeted the GMX V1 GLP pool on Arbitrum in July 2025, the DeFi platform has announced a thorough compensation plan to make affected users whole again.
The attack, which leveraged a reentrancy vulnerability, allowed the perpetrator to manipulate asset calculations and withdraw excessive funds from the protocol.
In a move that demonstrates resilience in the DeFi space, GMX successfully negotiated the return of approximately $37.5 million through an on-chain white-hat bounty arrangement.
The attacker kept roughly $5 million for their troubles—think of it as an unplanned, rather expensive security audit.
The final compensation structure, approved by community vote, totals $44 million and will be distributed as GLV tokens.
These tokens represent a vault product on GMX V2 and mirror the original pre-exploit GLP composition: 25% WBTC, 25% ETH, and 50% stablecoins.
GMX’s DAO treasury contributed about $2 million to cover the remaining shortfall after the fund recovery.
Users will receive two types of GLV tokens in equal proportions: GLV [BTC-USDC] and GLV [WETH-USDC].
This structure guarantees claimants maintain exposure to primary cryptocurrencies and stablecoins similar to their previous GLP holdings.
Importantly, GLP tokens held by the attacker—approximately 29% of the supply—were burned to restore proportional value for legitimate holders.
The transparent execution of this recovery plan aligns with the core benefits of DAO governance where all decisions and fund movements are visible to community members.
To encourage ecosystem stability, the GMX DAO has allocated a $500,000 retention incentive pool.
Users who hold their GLV tokens for at least three months will receive a pro-rata share of this pool.
It’s like being rewarded for not immediately running for the exit after someone yelled “Fire!”
The compensation plan comes after the exploit caused significant asset de-pegging that affected numerous liquidity providers on the platform.
Eligible users can claim their compensation through the GMX dApp by connecting wallets that held GLP at the snapshot time before the exploit.
The compensation plan, alongside security improvements and the unaffected GMX V2 architecture, demonstrates the platform’s commitment to accountability and improved risk management in DeFi.
After the exploit, GMX immediately halted GLP trading and redemption on both Arbitrum and Avalanche networks to prevent further losses while developing the recovery solution.
