- GMX, a DEX specializing in futures and perpetual futures, has been allegedly hacked.
- PeckShield earlier estimated losses of $565,000, but the Tweet has since been deleted.
- Some industry players believe that GMX’s minimal spreads and low price impact for trading could open it up to exploitation.
Decentralized exchange (DEX) GMX allegedly experiences price manipulation on the AVAX/USD pair in key exchanges.
Open interest in AVAX long perpetual futures has accordingly been capped at $2 million, while open interest in AVAX short perpetual futures has been limited to $1 million.
Perpetual futures are a type of open futures contract without a settlement date. GMX offers spot and perpetual futures, with more than $342 million locked up on Arbitrum, a layer-two ETH solution, and $67 million on Avalanche’s blockchain.
Layer-two solutions like Arbitrum help improve Ethereum scalability by bunching up transactions and transmitting them to layer-one as a single transaction. Doing so reduces Ethereum transaction costs and congestion.
GMX is a decentralized exchange that offers a low fee for perpetual futures and spot trading. It runs on Arbitrum and Avalanche. It allows users to borrow up to 30x their initial margin to amp up futures betting. GMX receives aggregated prices for its assets using Chainlink price oracles.
Attack vector allegedly compromises AVAX price
Earlier today, blockchain security company PeckShield announced on Twitter, “Seems like $GMX on Avalanche exploited, resulting in ~$565k profit. Be Alert.” The company has since deleted the tweet, with GMX tweeting that they are reviewing the situation.
Another Twitter user, @derpaderpederp, also noted the alleged issue,” Seems like @GMX_IO got exploited on $AVAX and are now drastically reducing OI availability on $AVAX trading. Very bad management of the @GMX_IO team after they were warned weeks and months ahead.”
In response to GMX’s announcement, one Twitter user commented, “How exactly can this vector of attack be mitigated since the price manipulation can happen off-site? So long the exchange uses a price oracle any mitigation actions will be post-fact.”
Zig-Zag co-founder weighs in
On Sep. 3, 2022, Twitter user and founder of Zig-Zag @derpaderpederp said that anyone with intimate knowledge of GMX could manipulate the price of ETH, or in this case, AVAX since trading incurs no price impact on GMX. The DEX’s website says,” Enter and exit positions with minimal spread and zero price impact.” A spread is a difference between an asset’s buy and sell rate.
They could take a long position, buying $50 million of AVAX on GMX. They could then buy $40 million of AVAX on a centralized exchange like Binance or Coinbase at an elevated buy price. Upon closing the long position on GMX and receiving a profit, they could open up a $20 million AVAX short position and sell $40M of AVAX back to the centralized exchanges at a discount, pocketing a further profit.
This process can be repeated multiple times, draining the liquidity of GLP, the liquidity provider token on the GMX. GLP holds an index of assets used in leveraged trading on the platform. It can be minted using any index asset and burnt to redeem an index asset.
At press time, the company had not provided a way forward following the alleged hack.
This article was originally published on beincrypto.com