DISCUSSION: Resolve the Distribution Plan for the Recovered Funds from Arbitrum GLP

What Happened

On July 9, 2025, a user disclosed a live vulnerability in the GMX V1 deployment on Arbitrum. This vulnerability allowed for ~$42 million of the ~$46m value in GLP on Arbitrum to be compromised and withdrawn to an external wallet. Following outreach by GMX, the funds were returned and are now with the DAO, awaiting distribution to the liquidity providers in the Arbitrum GLP vault. The recovered amount, after accounting for a bug bounty and the residual value in GLP, represents the majority of, but not all, the funds in Arbitrum GLP at the time of the incident.

The recovered funds were located on Arbitrum and Ethereum mainnet, and have been converted or retained in stablecoins (FRAX + USDT) to ensure that as much of the value removed from GLP as possible remained intact.

Emergency actions were implemented by contributors and committees delegated by the DAO after real-time consultation with key security partners and an assembled war room of experts, established to help navigate this incident. Decisions were made within the delegated authority, including specifically for administering the bug bounty program with Immunefi, but reflecting the specific situation.

GMX V1 remains paused on Arbitrum and Avalanche, and any fees generated from the epoch of the incident onwards from GLP are being held in the DAO treasury. While a review and decision from the DAO will be concluded in parallel, feedback from various groups, including contributors, indicates that restarting V1 (GLP) seems challenging, and sunsetting it is the most probable outcome. Efficient distribution plans will include upgrades to burn the GLP tokens in the wallet that discovered the vulnerability and currently holds 29% of all GLP.

GMX V2 was, is, and remains unaffected by this vulnerability in the V1 codebase, with trading and liquidity provision continuing as normal.

What Now

With the live risk phase behind us, the DAO needs to evaluate and decide on the process to define the scope and options for distributing recovered funds to affected users:

  1. Methodology of Distribution
  2. DAO-Sponsored Reimbursement
  3. Form of Distribution

Methodology of Distribution

  • Reconstituting GLP itself

    • Theoretically possible, but this approach is practically unworkable.
    • During the exploitation of the vulnerability, the GLP token balances were altered, and further changes occurred through mints and redeems after the incident. These changes need to be fairly accounted for.
    • Numerous DeFi protocols on Arbitrum are built on GLP, and they may face issues due to the altered values of the assets in GLP. Resolving this would require tailored solutions
    • All of this would be subject to a lengthy complete re-audit of V1, including all new changes.
  • Claim + Redeem Process

    • Establish an audited claim contract that would allow GLP holders to receive the distribution of recovered proceeds, plus any DAO-provided funds to reconstitute the full value of the vault
    • Enable users to claim residual proceeds in GLP directly from the vault, while aiming to create no significant difference between those who have already redeemed and those who have not, thus reducing overall complexity.
    • Audits of a claim contract that includes the ability to distribute multiple tokens are much less complex and don’t have the surface area of GMX V1. This reduced complexity allows for quicker recovery, especially for those funds not in smart contracts.
    • Conduct a manual process for all smart contracts interacting with V1, with a proposed time limit of 6 months, aiming to minimise overhead for edge cases.
    • A claim contract can also require acceptance that receiving such distribution constitutes the full and only claim against the GMX DAO and its affiliates.

DAO-Sponsored Reimbursement

The numbers shared below are preliminary, but provide the DAO with a reasonable estimate of their order of magnitude. Contributors may provide further updates as they become available.

Item                                     USD (millions)
Value of GLP at time of incident         46.0m
Recovered Funds held in stablecoins      40.1m
Residual value remaining in GLP          3.0m
V1 Fees segregated from incident         0.9m
Residual Shortfall (+/-)                 2.0m

The above summary estimates a shortfall of ~2.0m for Arbitrum GLP holders compared to the available assets in GLP prior to the incident on July 9th.

The DAO is committed to paying bounties through the formal Immunefi program, following an approved process established through consultation between contributors and the Security Committee. Due to the sequence of events, this security incident was handled similarly to an Immunefi bounty, as recommended by all experts involved, including the Security Committee, although it could not adhere to the standard process.

Over time, GMX DAO has built up a treasury of diverse assets, formed from the historical floor price fund established from proceeds of GMX V1, the ongoing 10% of GMX V2 fees directed into the treasury, along with other sources.

Options:

  • Make distribution contracts available to GLP holders for the recovered funds, enabling them to claim residual proceeds from GLP (94% of pre-incident value)
  • In addition to funds recovered and residual in GLP, utilise segregated V1 fees from the incident along with treasury funds (inclusive of stables, ETH, GLV, and GMX) to reconstitute amounts materially similar to the 46m in GLP before the incident

Form of Distribution

  • Distribution as GLV

    • This approach involves utilising the available funds to create approximately equal exposure to GLV [WETH-USDC] and GLV [WBTC-USDC], or potentially new GLVs with alternative stablecoins
    • This method would return assets to liquidity providers that are most similar in economic exposure to those they previously held in GLP, and allow them to continue earning during the establishment period and until the eventual claim.
    • Many GLP holders are long-term investors who may not interact with the protocol for months at a time. This ensures they are not left without exposure during these periods, which can last for months or longer until claims are made.
  • Distribution as Stablecoins

    • This method simplifies accounting, as the mapped value will remain consistent over time, regardless of changes in the underlying assets
    • The majority of the recovered funds are already held in stables
    • Any unclaimed funds would, in theory, either remain in stablecoins indefinitely or be allocated as determined by the DAO

The administration of the amounts and the distribution process, as determined by the DAO, will be undertaken by contributors in consultation with the Security Committee, which holds the majority of the recovered funds and will execute the requisite transactions.

The distribution process may also involve the DAO making transitional investments to purchase additional GLP, to help facilitate the orderly closure of any remaining liquidity for user redemption, depending on the pace of open positions closing out.

Next Steps

As next steps, we would like to initiate discussions regarding the above proposal and seek community feedback over the course of the week. Once we gather input from the community, we can present a finalised set of options for formal consideration by the DAO.

4 Likes

Not a delegate myself, but I’d lean towards not restarting GLP, considering trust in it was damaged, and trading volume on V1 was already dwindling.

Intuitively, I’d prefer making GLP holders whole, out of principle. Though it’ll take a significant chunk out of the Treasury. Regarding the assets to distribute; both options have their advantages. Will ponder it more.

3 Likes

  1. Creating GLV for fund return benefits the GMX liquidity pool. However, during this period, the token may experience a significant price increase. Creating an LP at this time could cause users to assume more risk. Additionally, processing the fund distribution would take longer, potentially further eroding user trust.
  2. Returning funds directly in stablecoin will undoubtedly reduce platform liquidity in the short term. However, loyal users who receive the funds will proactively reinvest them into a more secure GLV over the long term. Furthermore, the fund return plan can be concluded in the most expedited manner.

PS: Will the proposal on ARCHI be consolidated and resolved together?

As for the funding gap, I think it’s acceptable for users to bear 5%, because users should fully understand the risks and bear the main responsibility when using the platform (not GMX’s active evil)

2 Likes

I adhere on the side of returning 100% of the user funds, if feasible. I completely understand the take that people accept the risk they take when using the protocol but I think it’s only fitting that GMX goes the extra mile and cements itself as the protocol that went above and beyond. 94% is close enough but 100% changes the perception altogether.

2 Likes

Fully support the treasury making GLP users whole.

I also lean towards distributing stablecoins for the reasons mentioned.

1 Like

The gap of $2 million is not large, and it is recommended to pay in full, which can enhance confidence in the gmx protocol. At the same time, GLP has many long-term holders and is currently on an upward trend. In order not to waste investment opportunities, I suggest replacing it with v2 LP glv.

At the same time, no matter which option, please initiate a vote as soon as possible. It takes several weeks to collect opinions, which is too long! Don’t waste everyone’s investment opportunities.

2 Likes

Saurabh, how necessary is this “claim” function?

In a previous Jonzee communication, he said a snapshot has been taken of just right before the funds were stolen, and then right after. Are the 0x addresses of the GLP holders not visible from there? (If not, pardon my ignorance).

Personally I don’t think you should set up a reconstitution system that could result in the existence of “unclaimed funds”.

1 Like

I believe that it is best to settle with GLP token holders in stablecoins as quickly as possible. Take the GLP rate at the time of the hack (about 1.45) as the basis and recalculate all deposits at this rate. Yes, there will be losses due to exchange rate differences if the price of Bitcoin and Ethereum continues to rise. But it is better to accept them now and receive them in your wallets and then use them in the project according to the depositors’ wishes.

3 Likes

Full recovery is consistent with the language used a few times by GMX referring to the Immunefi bounty program. The bounty was 5m but 3m out of that was covered by price movement since the user swapped most funds to ETH before ETH started moving up (2650 to 3000 ish).

In my opinion it’s best to recover assets as soon as possible in stables and move on from this matter and fully embrace v2. If moving assets to GLV doesn’t create any additional friction as compared to stables then that’s fine too.

And important to take into account the ~6% remaining GLP v1 value that most wallets still hold. Will those assets be claimable by selling the GLP or in some other way?

2 Likes

I think both the approaches are fair. Whatever is more beneficial for the protocol and can be done in a set timeline so the glp holders can relax should be chosen.

It seems likely that the protocol will move away from GLP and focus on V2 going forward (right decision).

We need to talk about ESGMX that is locked and needs to be vested using GLP. There needs to be a solution for people and it should be discussed alongside distribution conversation.

Maybe GLP’s internal pool of assets could be reduced to just a few USDC or something, so that 1 GLP only costs $0.000001 or some similar value. Then just leave it be, and continue to allow the esgmx holders the option of continuing to stake their esgmx or vest it. No need to punish esgmx holders. In this scenario the GLP wouldn’t earn any APR since no more v1 trading.

Whatever the case may be, this parallel discussion should probably be in its own thread. I feel like there’s three separate issues that require their own threads so we don’t all drown in noise:

  1. This thread on how best to distribute the recovered stolen funds to their rightful owners
  2. What to do about the remaining funds in GLP
  3. What to do about ESGMX that isn’t currently in a vesting vault

Right now the single biggest priority should be reuniting the victims of the exploit with their property. Topics 2 & 3 really aren’t the mega-priority that Topic 1 is.

I agree with the fundamentals of what you’re saying. The funds belong to the address holders and not the GMX committees/contributors. Returning the stolen property to their rightful owners as quickly as possible should be far, far more important than “what’s best for the platform’s liquidity”, as it indicates a massive disconnect in priorities.

I mean is the goal to reunite the exploit victims with their recovered funds, or is it to add liquidity to v2 and take up more dev time and prolong this sorry chapter?

If the choice is a formula of:

  1. (Value in USD of address’ GLP holdings on block just before hack) - (Value in USD of address’ GLP holdings presently) - (Value in USD of address’ of any GLP the address holder sold after the hack) = amount of USDC to send back to that address. I mean wouldn’t this just be “Snapshot of block before theft” - “Snapshot of block after theft” - “Snapshot right before distribution” = what’s owed? The first two components (value of GLP right before & after) was the basis of the $42m number as what was stolen right, so at least that’d be consistent, and then the current snapshot would account for people that sold their GLP after the exploit. I’ll grant you this doesn’t account for the opportunity cost that GLPers suffered (GLP probably would have gone from $1.45 to like $1.48 or so), but we’re trying to make the best of a bad situation in a limited timeframe, not the perfect of a bad situation.

  2. Contributors/Devs stopping work on multichain & other work (since time is a finite resource) to write new complex contracts in order to set up new GLV holdings that then require a wallet confirm step by the users, all the while adding additional unnecessary time to reuniting the exploit victims with their recovered funds.

Maybe there’s some elements to this that I’m not accounting for. If so I apologize and ask you to bring those to light so we’re all aware of the technical limitations or financial inconsistencies that I may have missed. And that “simple math equation” I mentioned didn’t factor in any other considerations (if there are any please tell us).

I’m in favor of a simpler stablecoin distribution because I don’t want to prolong reuniting exploit victims with their funds, and I certainly don’t want a scenario where some exploit victims NEVER get their funds returned due to the DAO choosing a bunch of extra steps that need to be jumped through, along with a significantly expanded and complicated scope. (Or the proposal vote-creator writing up the options for the DAO vote in such a way that “unnecessary extra hoops that prolong this” is included in every option anyway).

1 Like

Yes, it will be

Claiming is needed since we can’t deposit the funds back into GLP. Claiming is preferred over an airdrop, since with an airdrop to an address that can’t move the funds, they would be stuck.

Yes, we can get the holder list. As mentioned above, separate claiming is needed since we can’t deposit the funds into GLP directly.

esGMX can still be vested with GLP. If there are a lot of users that need to mint GLP to vest their esGMX, then that would be a separate discussion.

1 Like

I agree with the fundamentals of what you’re saying. The funds belong to the address holders and not the GMX committees/contributors. Returning the stolen property to their rightful owners as quickly as possible should be far, far more important than “what’s best for the platform’s liquidity”, as it indicates a massive disconnect in priorities.

This summarizes it well. The priority should be speed and getting as close to 100% as possible, I believe most users will be fine with the ~94% return if it’s safe, stable and soon.

I would also vote for reimbursement in stablecoins rather than LP tokens, I would argue that users of V1 chose not to use V2 for one reason or another and redeeming them in assets they didn’t want in the first place doesn’t make much sense.

As for the best interest of GMX I believe the speed, and clarity should be prioritized over attracting liquidity at this crucial point. If you deal with the situation properly users’ trust will rebuild soon.

I think speed of recovery is key. As users would be missing the upside of the markets moving now.

Reimburse in full, quickly, and then allow users to use GLV themselves if required. Stablecoin route is best for that.

Once the proposal is passed, I think we need a quicker turnaround time, that is the most secure as well.

Additionally:

  • have a way for users to verify their claims before the official claim process starts
  • window for claim period can be set
  • Guide users to glv pools: additionally

I’d like to offer the following suggestions to enhance clarity, fairness, and long-term alignment with the GMX ecosystem:

Full Reimbursement Commitment
It’s essential that the DAO commits to a full reimbursement of the estimated $46 million value of GLP at the time of the incident. The community would be more confident making decisions if the DAO explicitly states that any shortfall will be covered, including an outline of where the remaining funds will come from (e.g. treasury, V1 fees, etc.).

Timelines for Completion
We should establish estimated timelines for:

  • When GLP holders can begin claiming recovered funds (GLV or stablecoin).
  • When full reimbursement is expected to be completed.

This will help users plan accordingly and reduce uncertainty.

Preferred Distribution Method: GLV
Distributing in the form of GLV is the most balanced option:

  • It allows long-term GLP holders to maintain similar exposure and continue earning yield.
  • Those who wish to exit can choose to withdraw.
  • This approach preserves TVL, benefits the protocol’s health, and is inclusive of inactive wallets or users who may not immediately claim.

Overall, the GLV-based opt-out system appears to be the fairest and most sustainable path forward. It supports both the individual users’ rights and the long-term resilience of the GMX ecosystem.

Okay so it’s an issue of some of the addresses being other arbitrum “vaults” and the like? That’s understandable.

This shouldn’t be relevant in the slightest. The focus should be on returning the exploit victims their funds in the simplest, most expedited form possible, rather than “what’s best for TVL.” It’s not the DAO’s money to use in a way that benefits protocol liquidity. It’s our stolen property, and we’d like it back.

I’m not completely opposed to the GLV solution, but if it’s chosen it should be for the right reasons, and not the wrong reasons.

1 Like

Have you considered the risks taken by GLP users during this period? The price of ETH was 2600$ at that time and now it is 3600$

Well I think the implication is if GLP is suspended going forward that is not the case (that new GLP can be minted) to vest new esgmx.

I just think there needs to be visibility here because while trying to make GLP holders whole we could be stranding other users’ money who helped bootstrap the protocol.