Decentralized trading platform GMX has halted trading on its V1 protocol following a major $40 million exploit that drained a key liquidity pool. The attack targeted a pool containing Bitcoin, Ethereum, and stablecoins on Arbitrum, prompting GMX to freeze GLP token minting and redemptions on both Arbitrum and Avalanche as a protective measure.

According to the GMX team, the exploit did not affect the newer GMX V2 markets, liquidity pools, or the GMX token itself. Only GMX V1 and its GLP pool were impacted. Platform users were advised to disable leverage and prevent further GLP token interactions to reduce exposure.

Blockchain security firm SlowMist traced the exploit to a design flaw that allowed attackers to manipulate the valuation of GLP tokens by skewing the total assets under management. The stolen funds were transferred to an unidentified wallet, with no recovery announced so far.

This incident adds to a growing list of high-profile crypto hacks in 2025. Losses from such exploits have already reached $2.5 billion in the first half of the year. The Bybit hack in February alone accounted for $1.4 billion in losses. In June, Iranian exchange Nobitex lost over $81 million in an attack claimed by the pro-Israeli group Gonjeshke Darande.

Meanwhile, the U.S. Treasury's OFAC has sanctioned North Korean hacker Song Kum Hyok for infiltrating crypto platforms and defense firms. His team used social engineering and malware to penetrate networks and exfiltrate funds.

As security threats escalate, industry observers warn that sophisticated exploits could continue to deter broader adoption of decentralized finance platforms like GMX unless robust defenses are rapidly deployed.