- GMX suffered a $565,000 exploit in which holders of its liquidity token GLP suffered maximum pain for providing liquidity to savvy traders.
- The exploiter capitalized on price manipulation, engaging in several large trades against GLP holders because of fixed prices supplied by Chainlink-run oracles.
- Liquidity providers lose when traders profit; attackers exploited this vulnerability and drained GLP holders of their funds.
An exploiter deployed millions of dollars to manipulate the price of Avalanche (AVAX) on the decentralized exchange GMX. The exploit resulted in a loss of $565,000 for holders of the exchange's liquidity token GLP, by using a strategy that took advantage of a loophole on the liquidity pool platform.
Also read: Luna Classic: Why crypto Twitter is pushing for 1000x gains
GMX suffered a $565K price manipulation ‘exploit’
GMX’s competitor’s founder said on September 2 that an exploit could be pulled off on the decentralized exchange, leaving GLP (liquidity provider token) holders short. Exactly 16 days later, on September 18, it happened.
The exchange suffered a price manipulation exploit, and the attacker capitalized on GMX’s “minimal spread” and “zero price impact” features to pull off the exploit. GLP token holders who provided liquidity in the form of Avalanche tokens to the GMX exchange suffered a loss of around $565,000 in the Avalanche AVAX/USD market.
We were notified of price manipulation of AVAX/USD on reference exchanges by monitoring systems and community members.
— GMX (@GMX_IO) September 18, 2022
While we review the occurrence, open-interest for AVAX has been capped at $2m long / $1m short.
GLP and GMX trading markets continue to operate normally.
Joshua Lim, the head of derivatives at Genesis Trading, is one of the first crypto proponents to analyze the exploit. Lim argues that offering liquidity to savvy traders is a necessary but painful part of the process. Holders of GMX’s liquidity provider token GLP lost their holdings to the exploit.
The attacker opened large positions at zero slippage and successfully extracted profits from GMX’s AVAX/USD market. The chart presented the event as a sinusoidal pattern for over an hour as the trader orchestrating the attack switched from long to short five times.
AVAX-USD
The first cycle took place from 01:15 to 01:28 UTC, and the trader extracted roughly $158,000. The trader repeated it five times (with less impact each time) and extracted between $500,000 to $700,000 in profit. The net collection by the attacker was less than $700,000 since they paid spread to market-makers on other venues.
Attack on the AVAX-USD pool
Lim argues that GMX was designed in a manner to facilitate this exploit; by design, there was a loophole that the attacker exploited since Chainlink-run oracles do not factor in the impact on price of large market-moving orders.
In contrast, on the FTX exchange, Lim explains, traders pay some slippage – the difference between the expected price of a trade and the price at which the trade is executed. This explains why the attacker chose GMX instead of FTX where perpetual contracts are available.
Slippage comes into the picture when you buy in a large volume. When a trader purchases 200,000 units of AVAX-PERP on FTX, for example, the price would typically climb from $17.95 to $20.25. This implies a trader would suffer a loss on FTX exchange and the other avenues when moving the funds.
GMX, however, does not reflect the true cost of liquidity; due to the Chainlink-run oracles, there is unlimited liquidity at a mid-market oracle price.
GMX has not offered any compensation to affected GLP token holders. Traders who provide liquidity to savvy traders should be wary of similar possible exploits in the future.
Information on these pages contains forward-looking statements that involve risks and uncertainties. Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets. You should do your own thorough research before making any investment decisions. FXStreet does not in any way guarantee that this information is free from mistakes, errors, or material misstatements. It also does not guarantee that this information is of a timely nature. Investing in Open Markets involves a great deal of risk, including the loss of all or a portion of your investment, as well as emotional distress. All risks, losses and costs associated with investing, including total loss of principal, are your responsibility. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of FXStreet nor its advertisers. The author will not be held responsible for information that is found at the end of links posted on this page.
If not otherwise explicitly mentioned in the body of the article, at the time of writing, the author has no position in any stock mentioned in this article and no business relationship with any company mentioned. The author has not received compensation for writing this article, other than from FXStreet.
FXStreet and the author do not provide personalized recommendations. The author makes no representations as to the accuracy, completeness, or suitability of this information. FXStreet and the author will not be liable for any errors, omissions or any losses, injuries or damages arising from this information and its display or use. Errors and omissions excepted.
The author and FXStreet are not registered investment advisors and nothing in this article is intended to be investment advice.
Recommended Content
Editors’ Picks
Binance CEO calls CFTC suit “disappointing” as district court halts Voyager $1 billion sale to Binance.US
Voyager’s deal with Binance’s United States entity, Binance.US, faced another hurdle on March 27, the same day that the Commodity Futures Trading Commission (CFTC) went after the crypto exchange. This is the second time in the span of a month that Voyager’s deal has been objected against by the government.
90% of Ethereum supply leaves exchanges as regulators struggle to classify ETH as Security or Commodity
Ethereum is known not only as the second-biggest cryptocurrency but also as the second-generation cryptocurrency. The blockchain not only brought Decentralized Finance (DeFi) to the crypto space but also framed a target on its back following its Proof of Stake transition plan.
This is how EOS holders responded to the network's EVM testnet launch, what to expect this week
The first milestone on the EOS Network Foundation’s roadmap, the completion of the EOS EVM (Ethereum Virtual Machine) code, was achieved on March 22, starting the countdown to the launch of the EOS testnet. Well, it is finally here and the community is elated as it brings them closer to the mainnet release on April 14.
XRP price recovers above $0.44 as court ruling approaches, will Ripple win against the SEC?
XRP price has kept its momentum, flashing green on the one-day timeframe as the countdown to the Ripple vs SEC lawsuit continues. The remittance token is moving in tandem with our prediction last week, soaring by a significant margin to secure a place among the best-performing cryptocurrencies on a one-week timeframe.
Bitcoin: Should you trust this BTC sell signal or wait for $34,000?
Bitcoin price shows a clear picture of its rally after it breached a long-term bullish pattern in mid-January. As the rally takes a breather, sell signs have started to emerge, which is putting investors in a confused state.