NO Hacker YES Portal

Recently, a major DeFi platform @GMX_IO was hacked on the @arbitrum network, resulting in the theft of around $42 million in assets! 😵

@PortaltoBitcoin gives a great breakdown of how this massive exploit was pulled off. To beat the enemy, you must first understand them! Let’s take a quick look!

1️⃣ How Did the Hack Happen?

GMX V1 has a liquidity pool called GLP, which held assets like ETH, BTC, and USDC deposited by users.

The hacker used the following method ➡️ Re-entrancy attack

This is a technique where a smart contract function is repeatedly called before the balance gets updated, allowing multiple operations to sneak in undetected.

Using this, the attacker minted a huge amount of fake GLP tokens (basically like printing unlimited counterfeit vouchers).

These fake tokens were then swapped for real assets (ETH, BTC, USDC) and withdrawn. 🫣

Finally, the stolen funds were bridged out to other networks like Ethereum mainnet.

Here is the easy way to say it: they printed fake receipts, exchanged them for real money, and vanished.

2️⃣ Why Was This Attack Successful?

GMX V1 was built using a typical DeFi architecture:

Shared liquidity pool: All user assets are stored in a single contract.
Mint/Burn LP tokens: Used to track liquidity provisioning.
Complex on-chain logic: Handles balances, swaps, liquidation, and more within the same contract.

This tightly coupled design leaves it vulnerable to re-entrancy attacks, where a hacker can sneak in repeated calls before the system updates balances.

Even though GMX went through multiple audits, design-level risks like pooled funds + complex logic + re-entrancy vulnerability still remained.

So, while audits can reduce bugs, they can’t eliminate structural weaknesses, and that’s what led to this disaster. 🥲

3️⃣ How Could This Have Been Prevented?

The answer lies in what @PortaltoBitcoin is building: Atomic Swaps.

Here’s how Atomic Swaps differ:

❌ No liquidity pools.
✅ Assets stay in your wallet.
✅ The swap only executes if all conditions are met.
✅ If anything fails, your funds automatically return.
✅ No contract needs to hold funds or update state.

With this setup:

1️⃣ There’s no vault to rob
2️⃣ No fake tokens can be minted
3️⃣ And re-entrancy attacks become impossible

It’s basically the ultimate shield against hackers!

With DeFi hacks on the rise, many projects are now moving toward this kind of architecture: atomic swaps, self-custody of user assets, and re-entrancy-proof designs.

That’s why the future is looking so bright for @PortaltoBitcoin

The $42M GMX exploit on Arbitrum didn’t need to happen. Could a single design choice have saved GMX and its LPs? Here’s exactly what happened, why it keeps happening in DeFi, and how atomic swaps would have prevented it entirely, ELI5 Style 🧵⤵️
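
The re-entrancy pattern described in the post above, as an added example that is not part of the original post and is not GMX's code: a toy Python model of a pooled vault (all class and function names are hypothetical) where the payout call runs before the balance is updated, next to a hardened variant that updates state first and holds a lock. `solvent()` is the accounting invariant a test or monitor would assert.

```python
# Toy model, constructed for illustration. Not GMX code; all names are hypothetical.
class ReentrancyBlocked(Exception): pass

class Vault:
    def __init__(self, safe):
        self.safe = safe        # True: state updated before the call, plus a lock
        self.balances = {}      # what the contract believes it owes each user
        self.pool, self.locked = 0, False   # pool = assets actually held
    def deposit(self, user, amount):
        self.balances[user] = self.balances.get(user, 0) + amount
        self.pool += amount
    def withdraw(self, user, on_receive):
        if self.safe and self.locked:
            raise ReentrancyBlocked(user)      # re-entrancy guard
        amount = self.balances.get(user, 0)
        if amount == 0 or amount > self.pool:
            return 0
        self.locked = True
        try:
            if self.safe:
                self.balances[user] = 0        # effect before the external call
            self.pool -= amount
            on_receive(self, amount)           # external call: recipient code runs
            if not self.safe:
                self.balances[user] = 0        # bug: effect after the external call
        finally:
            self.locked = False
        return amount
    def solvent(self):
        # Invariant: assets held must equal the sum of what is owed.
        return self.pool == sum(self.balances.values())

class Recipient:
    """A receiving contract whose payment hook calls withdraw() again."""
    def __init__(self, name, depth):
        self.name, self.depth, self.received, self.blocked = name, depth, 0, 0
    def on_receive(self, vault, amount):
        self.received += amount
        if self.depth > 0:
            self.depth -= 1
            try:
                vault.withdraw(self.name, self.on_receive)
            except ReentrancyBlocked:
                self.blocked += 1

def run(safe, depth=3):
    vault, r = Vault(safe), Recipient("r", depth)
    for who, amount in (("others", 90), ("r", 10)):
        vault.deposit(who, amount)
    vault.withdraw("r", r.on_receive)
    return r.received, vault.pool, vault.solvent(), r.blocked
```

In the unsafe variant a 10-unit deposit is paid out four times and the pool no longer covers what other depositors are owed; in the hardened variant the nested call is rejected and the invariant holds.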