- Decentralized exchange GMX may have experienced price manipulation on the AVAX/USD pair.
- Estimates of losses from the incident exceed $500,000, according to reports.
- The exploit was first noticed by blockchain security firm PeckShiled, but the tweet was deleted soon after.
- GMX responded with a cap on AVAX’s long and short futures trades.
GMX, a decentralized crypto exchange powered by Artibitrum and Avalanche, was allegedly the victim of a price manipulation exploit worth around $565,000 on the AVAX/USD pair, security firm PeckShield tweeted on Sunday.
Although PeckShield deleted the tweet, other members of the community reported similar activity. PeckShield’s tweet reportedly read “Looks like $GMX on Avalanche has been mined resulting in a profit of $565,000. Be on the lookout.”
The GMX dex lives on Arbitrum and Avalanche as a platform that offers spot trades and perpetual contracts. Perpetual trading on the platform allows traders to leverage up to 30x margin on futures trading.
The few known details regarding the situation suggest that the AVAX/USD perpetual pair has been exploited. In response, the dex capped AVAX Long Perpetual Futures at $2 million and AVAX Short Perpetual Futures at $1 million. The event is under review, per a tweet from the exchange.
GMX warned against price manipulation vector
More than a week before the suspected exploit, Twitter user @derpaderpederp opined that GMX could suffer a price manipulation exploit on Ether (ETH) transactions since the exchange is not exposed to the impact of price. The same theory applies to other assets, and in this case AVAX since the dex offers minimal spread and zero price impact.
The difference between the buying and selling rate of an asset is called a spread.
An exploiter could take advantage of this price vector and profit by opening long positions in the dex and doing the same on a centralized exchange like Binance Where FTX. More profits could be made from short positions with a lower amount of assets to generate additional profits.
Notably, the process is reproducible. However, such actions drain the platform’s liquidity provider token – GLP. As of press time, the dex has not released a full statement regarding the potential exploit.