GMX Allegedly Exploited For Over $565,000 On Avalanche (AVAX)

Summary:

• Decentralized exchange GMX might have suffered price manipulation on the AVAX/USD pair.
• Estimates losses from the incident exceed $500,000, per reports.
• The exploit was first noticed by on-chain security firm PeckShiled but the tweet was deleted shortly after.
• GMX responded with a cap on AVAX long and short futures trading. 

GMX, a decentralized crypto exchange powered by Artibitrum and Avalanche, supposedly fell victim to a price manipulation exploit worth around $565,000 on the AVAX/USD pair, security company PeckShield tweeted on Sunday.

Although PeckShield deleted the tweet, other community members reported similar activities. PeckShield’s tweet allegedly read “Seems like $GMX on Avalanche was exploited, resulting in $565k profit. Be Alert.”

The GMX dex lives on Arbitrum and Avalanche as a platform that offers spot trading and perpetual contracts. Perpetual trading on the platform allows traders to leverage up to 30x margin on futures trades.

The few known details regarding the situation suggest that the AVAX/USD perpetual pair was exploited. In response, the dex has capped AVAX long perpetual futures at $2 million and AVAX short perpetual futures at $1 million. The occurrence is in review, per a tweet from the exchange. 

We were notified of price manipulation of AVAX/USD on reference exchanges by monitoring systems and community members.

While we review the occurrence, open-interest for AVAX has been capped at $2m long / $1m short.

GLP and GMX trading markets continue to operate normally.

— GMX 🫐 (@GMX_IO) September 18, 2022

GMX Warned On Price Manipulation Vector 

Over a week before the suspected exploit, a Twitter user @derpaderpederp opined that GMX could suffer a price manipulation exploit on Ether (ETH) trades since the exchange is not exposed to price impact. The same theory applies to other assets, and in this case AVAX since the dex offers minimal spread and zero price impact.

A great point is made here by @taureau_21 but he hasn't grasped the full implications of what he said in my opinion.
Zero price impact platforms like $GMX open themselves up for price manipulation exploits and it is why $GNS has moved away from this model several months ago.
A 🧵 https://t.co/dt2ezfY2oA

— Midgetwhale (@derpaderpederp) September 3, 2022

The difference between the buy and sell rate of an asset is called a spread. 

An exploiter could leverage this price vector and make profits off opening long positions on the dex and doing the same on a centralized exchange like Binance or FTX. More profits could be made from short positions with a lower asset amount to generate extra profits.

Notably, the process is repeatable. However, such actions drain the platform’s liquidity provider token – GLP. At press time, the dex has not issued a full statement regarding the potential exploit.