- Decentralized exchange GMX might have suffered price manipulation on the AVAX/USD pair.
- Estimates losses from the incident exceed $500,000, per reports.
- The exploit was first noticed by on-chain security firm PeckShiled but the tweet was deleted shortly after.
- GMX responded with a cap on AVAX long and short futures trading.
GMX, a decentralized crypto exchange powered by Artibitrum and Avalanche, supposedly fell victim to a price manipulation exploit worth around $565,000 on the AVAX/USD pair, security company PeckShield tweeted on Sunday.
Although PeckShield deleted the tweet, other community members reported similar activities. PeckShield’s tweet allegedly read “Seems like $GMX on Avalanche was exploited, resulting in $565k profit. Be Alert.”
The GMX dex lives on Arbitrum and Avalanche as a platform that offers spot trading and perpetual contracts. Perpetual trading on the platform allows traders to leverage up to 30x margin on futures trades.
The few known details regarding the situation suggest that the AVAX/USD perpetual pair was exploited. In response, the dex has capped AVAX long perpetual futures at $2 million and AVAX short perpetual futures at $1 million. The occurrence is in review, per a tweet from the exchange.
GMX Warned On Price Manipulation Vector
Over a week before the suspected exploit, a Twitter user @derpaderpederp opined that GMX could suffer a price manipulation exploit on Ether (ETH) trades since the exchange is not exposed to price impact. The same theory applies to other assets, and in this case AVAX since the dex offers minimal spread and zero price impact.
The difference between the buy and sell rate of an asset is called a spread.
An exploiter could leverage this price vector and make profits off opening long positions on the dex and doing the same on a centralized exchange like Binance or FTX. More profits could be made from short positions with a lower asset amount to generate extra profits.
Notably, the process is repeatable. However, such actions drain the platform’s liquidity provider token – GLP. At press time, the dex has not issued a full statement regarding the potential exploit.