Funding partnership: Rekt News perpetual DEX security educational coverage

TL;DR

Rekt News (rekt.news) proposes a 12-month partnership with GMX DAO to produce dedicated educational content covering perpetual DEX security. Output: 4 long-form investigations, 1 case study on the GMX $42M reentrancy response and $5M white-hat bounty resolution, 4 distribution features across newsletter (~30K subscribers) and X (~280K followers @RektHQ), 1 video documentary, 1 podcast panel and a dedicated perpetual DEX security tag on hub.rekt.news. Topic selection collaborative with GMX; framing, conclusions and incident coverage stay editorially independent. Ask: 40,000 USDC, 4 quarterly tranches against shipped deliverables.

Who we are

Rekt News (rekt.news) was founded by Julien Bouteloup and has operated since 2020 as an independent investigative publication covering DeFi security. No paywall, no token, no VC funding. Approximately 280K X followers (@RektHQ), 30K+ newsletter subscribers, 42K monthly readers. Routinely cited by audit firms, governance forums and security researchers.

We hosted the inaugural Rekt Security Summit in Cannes, March 2026 (https://summit.rekt.news). 40+ speakers including Ethereum Foundation, Certora, Nethermind, Trail of Bits, Immunefi, Cyfrin, Hypernative, Aragon, Curve and Gnosis VC. Full session recordings: Rekt Security Summit - 2026 - YouTube

Our prior coverage of GMX:

  • “GMX” (July 2025): the original $42M GLP reentrancy investigation. Rekt - GMX - Rekt

  • “Cutting Corners” (Sept 2025): comparative analysis of post-incident bounty models, examining how GMX’s $5M white-hat resolution compares to similar incidents at KiloEx and others. Rekt - Cutting Corners

Operating entity located in Switzerland.

Why this proposal

Perpetual DEXs hold significant user capital and the educational layer for this category is fragmented. There is no consistent, well-distributed independent record of perp DEX security incidents, post-mortems and architectural lessons. Most coverage is either protocol-controlled marketing or low-effort exploit-as-spectacle.

Rekt has the editorial capability and reach to fill that gap with educational content the whole category benefits from. This proposal funds us to do it for 12 months with GMX as the anchoring supporter.

Why GMX specifically should fund this

GMX users and traders benefit when there’s a credible independent record of how perpetual DEX attack vectors manifest, get detected and get mitigated. That’s a brand-relevant public good for the whole perp DEX category.

The July 2025 $42M reentrancy response is itself worth consolidating. Right now it lives across scattered post-incident analyses, audit firm write-ups and our own coverage in “GMX” and “Cutting Corners.” A standalone reference piece on the timeline, the white-hat negotiation and the $5M bounty resolution makes the response adoptable as a template by other protocols and reinforces GMX’s reputation for responsible incident handling.

GMX’s competitors will also continue to have incidents. Independent coverage that includes those incidents, set against GMX’s design choices, is brand-positive for GMX by comparison. We don’t promise this framing in advance, but it’s a likely natural outcome of independent work done well.

Editorial scope and independence

This proposal funds Rekt News to produce educational content covering perpetual DEX security. Topic selection and editorial planning for the deliverables happen in collaboration with the GMX marketing team and GMX contributors. GMX may suggest topics, propose angles and review draft content for factual accuracy and clarity. Rekt retains final editorial decision on framing, conclusions and headlines.

Coverage of security incidents is treated separately. If GMX or any perpetual DEX protocol experiences a security incident during this partnership, that coverage is not part of the educational scope above and is not subject to collaborative input. Incidents are covered with the same depth we applied to the original $42M GMX reentrancy investigation and the comparative analysis in “Cutting Corners.”

Disbursement is contingent on the listed deliverables being publicly published. It is not contingent on coverage tone or the specific framing of any individual piece. A GMX-designated representative verifies that each deliverable exists at each tranche.

This commitment is documented in this proposal so it is enforceable as a community expectation, not just a promise.

Deliverables (12 months)

All deliverables published openly on rekt.news under standard editorial terms. Public URLs reported at each tranche review.

  1. 4 long-form investigations on perpetual DEX security. Topics determined collaboratively at scope-planning sessions with GMX. At least 1 will involve GMX-stack architecture (oracle adapters, liquidation engine design, GLP composability, cross-margin risk). At least 1 will cover competitor architectures (dYdX, Hyperliquid, Drift, Vertex, Synthetix) for contextual comparison.

  2. Case study on the GMX $42M reentrancy response and $5M white-hat bounty resolution. Standalone reference piece consolidating the timeline, the negotiation process, the on-chain evidence preservation and the resolution mechanics as a template for the industry. Builds on our existing pieces “GMX” (rekt.news/gmx-rekt) and “Cutting Corners” (rekt.news/cutting-corners).

  3. 4 distribution features across Rekt’s owned channels (newsletter ~30K subscribers + @RektHQ on X ~280K followers). Format at editorial discretion (newsletter feature, X thread or X mention with substantive context).

  4. 1 video documentary covering perpetual DEX security. Production by Rekt’s video team. Published on YouTube and embedded on rekt.news.

  5. 1 podcast panel on a perpetual DEX security topic, with relevant security researchers, auditors and contributors as guests. Distributed via Spotify and YouTube. Recording archived on rekt.news.

  6. Dedicated perpetual DEX security tag on hub.rekt.news with all relevant coverage organised and discoverable. Maintained through the 12 months.

Strategic partnership with TheDefiant (optional extension)

Rekt holds a strategic content partnership with TheDefiant (~327K followers on X, ~130K subscribers on YouTube), under which co-productions are distributed across both communities. Example output, originally tied to a Stellar engagement and shared across three communities (Stellar, TheDefiant, Rekt): https://x.com/RektHQ/status/2047368048806408409

If the GMX community sees value, we are open to reframing this proposal to include joint content production and cross-community distribution with TheDefiant. Concrete options include co-production of the video documentary, co-production of the podcast panel or additional joint formats. Cross-community reach would extend materially beyond Rekt’s owned channels. Specifics would be negotiated during the RFC discussion or in a follow-up revision based on community appetite.

Budget

40,000 USDC total, disbursed in four equal quarterly tranches of 10,000 USDC against verified delivery of milestones.

  • T0 (signing) — 10,000 USDC. Triggered by Snapshot pass and signed agreement.

  • T1 (month 3) — 10,000 USDC. Triggered by: perpetual DEX security tag live on hub.rekt.news with at least 3 indexed pieces; first long-form published; 1 distribution feature published.

  • T2 (month 6) — 10,000 USDC. Triggered by: $42M reentrancy / $5M bounty case study published; at least 2 long-forms total; podcast panel published; 2 distribution features total.

  • T3 (month 12) — 10,000 USDC. Triggered by: video documentary published; 4 long-forms total complete; 4 distribution features total.

Disbursement contingent on listed deliverables being publicly published. A GMX-designated representative verifies existence at each tranche. No editorial review.

Funds transferred to a wallet controlled by Rekt News (Stake Capital Group, Switzerland).

Why USDC, not GMX or GLP

USDC keeps the funding politically neutral. No implicit ties to GMX token price, no exposure to GMX-stack mechanisms during the work period, no perceived conflict in coverage of GMX-token-related events.

Reporting and accountability

  • Quarterly public reports on rekt.news listing all deliverables shipped against the milestones, with public URLs.

  • On-chain transparency: every tranche reported with receiving address and tx id.

  • Community accountability: if a substantive objection to a tranche is raised in the GMX governance forum or directly to the designated multisig signers, release is paused pending community resolution (forum consensus or, where needed, a brief Snapshot vote).

  • End-of-partnership retrospective at month 12: public write-up of what worked, what didn’t and what we recommend GMX (and other DAOs) do differently in similar future partnerships.

What this is not

This proposal funds educational content, not promotion. This is not paid for favorable coverage. This is not a content partnership where GMX has approval rights over framing, conclusions or coverage of security incidents. This is not a retainer for media access. This is not exclusive: we expect to do similar partnerships with other DAOs where the reciprocity case is comparable (Aave, Compound, Curve, Gnosis, Uniswap) and will disclose those publicly.

Discussion

We are posting this as RFC, not yet as a Snapshot vote. Two weeks of community discussion. Feedback welcome on:

  • Scope of the 4 long-form investigations (any GMX-architecture security topic the community wants prioritised in the collaborative scope-planning?)

  • Tranche trigger structure (would the community prefer different milestone formulations?)

  • The reentrancy / bounty case study (would GMX contributors want to co-author technical sections, without editorial veto?)

  • Podcast panel format (any specific guest invitation list the community wants suggested?)

  • TheDefiant integration: would the community see value in extending the proposal to include co-production with TheDefiant for the video, the podcast or additional formats, with cross-community distribution? If so, we will return with a revised scope.

We will iterate based on substantive feedback and move to Snapshot if the community signals support.


Submitted by: Stake Capital Group. Julien Bouteloup, Founder of Rekt News and CEO of Stake Capital Group. Working contact for clarifications: Diogo Patão, Operations, diogo@rekt.news. Institutional contact: governance@stake.capital.


Hey @GovernanceSCG, Thank you for the proposal,

I do not support this proposal.

The timing does not feel appropriate. The incident occurred nearly a year ago, the funds were fully recovered and returned to the community, and the relevant details have already been extensively documented through official announcements, post-mortems, and third-party coverage. It is unclear what incremental value a dedicated retrospective would provide to GMX or its users at this stage.

More importantly, the DAO’s current priority should be regaining market share, growing GMX V2, attracting traders, and expanding ecosystem adoption. This proposal does not appear to meaningfully contribute to any of those objectives.

I also do not believe the requested budget is justified. A cost of 40,000 USDC is difficult to rationalize given the expected deliverables and distribution reach. For comparison, GMX Labs previously collaborated with Cyfrin on educational content that achieved broader reach while directly supporting developer onboarding and ecosystem growth.

While I appreciate Rekt’s work and the emphasis on editorial independence, I do not see a sufficiently strong return on investment for the DAO. Given GMX’s current priorities, I believe treasury resources would be better allocated toward initiatives that directly drive protocol usage, trader acquisition, liquidity growth, or developer adoption.

1 Like

I would suggest changing the content from the 42m hack into something more positive, as GMX is trying to gain market share for traders, we got to attract them through positive means.

The numbers are justifiable and fair, if you could modify the content that could lure traders to the platform I’m sure more stakers would agree. The DAO definitely needs more marketing.

1 Like

Hey Saurabh,

Thank you for the feedback. It’s a pleasure to discuss our initiative with the GMX community and accommodate all points of view.

On the retrospective and timing. You’re right the V1 timeline is well-documented (GMX’s post-mortems, audit firm write-ups, our two existing pieces “GMX” and “Cutting Corners”). The case study isn’t the centerpiece though. It’s the smallest of six deliverables (~$10K of $40K). What earns it the slot is the $5M white-hat bounty resolution mechanics — that’s a template other protocols can adopt.

The bulk is forward-looking: 4 long-form investigations on perp DEX security, at least one on GMX V2 architecture, plus video, podcast and ongoing distribution.

On DAO priorities (V2 growth, market share, trader acquisition). This is where I think the original text didn’t make the case clearly enough. Independent editorial coverage IS market positioning. Trader confidence in V2 is a function of perceived safety, and a 12-month track record of Rekt covering V2 with the depth we apply to investigations creates a lasting reference when traders evaluate the protocol.

We can’t deliver X traders or Y TVL, but we can deliver the educational layer that supports trader acquisition.

On Cyfrin. Different layer. Cyfrin is developer education for builders. Rekt is investigative editorial for over 300k readers. Both useful. Neither replaces the other.

On budget and ROI. $40K over 12 months, roughly $10K per deliverable category.

Audience math supports our pricing. Rekt’s 280K X followers, 30K newsletter subscribers and 42K monthly readers include DeFi-native traders, allocators and governance participants — the exact audience GMX V2 is built for.

Conservative reach across the engagement: 1M+ qualified impressions across X, newsletter, long-form reads, video and podcast. That’s a sub-$40 CPM on a crypto-native qualified audience. Paid newsletter sponsorships and X promotions in the same audience tier typically clear $30-100 CPM for ad-only placement — without the editorial production, the long-form archive or the credibility lift of independent coverage.

The ROI is indirect but this sustained editorial coverage of security in front of the audience that decides where to trade will benefit GMX.

One more thing worth surfacing, because it ties directly to the trader acquisition argument. The original RFC includes TheDefiant integration as an optional extension. They add ~327K X followers and ~130K YouTube subscribers to the distribution layer. If brand visibility is the priority we can adjust our proposal to include TheDefiant.

Leaving the RFC open for more community input :slight_smile:

Rekt News team

Dear @0xjunwei, we appreciate your feedback and the validation on the numbers.

Fair point on the pivot. Happy to redirect the case study and the long-form scope toward whatever forward-looking GMX V2 angles the DAO finds most useful — architecture, security design, V2 resilience vs competitors, or anything else the community wants surfaced. We’ll do the work with editorial integrity (independent framing, no puff), but topic selection is genuinely collaborative.

Hi @GovernanceSCG,

Furthering the thoughts from both @0xjunwei and @Saurabh, the framing of your proposal’s research connotes a negative stigma for GMX, which doesn’t need to be rehashed again. The exploit was a major incident in the history of the protocol and bringing it back to the forefront is not aligned with the objectives of GMX.

Furthermore, in both aforementioned RektHQ articles of GMX Rekt and Cutting Corners, the contextualisation of ideas was mostly how GMX, well let me share a few:

  • “Each hack follows the same script: protocols pinch pennies on security, then act shocked when someone finds the vulnerabilities they refused to pay for.”
  • “GMX’s post-hack bounty kept by the attacker was $5 million.” … “If they had enough money available for recovery bounties, where were those funds when it came to prevention?”
  • “When protocols treat security like a marketing checkbox instead of an ongoing discipline, how long before the next $42 million lesson?”

GMX’s Immunefi bug bounty budget was $5M since March 2022, the THIRD largest on Immunefi at the time, and before this it was $1M, so these were mostly sensationalised and misleading statements (reference: https://x.com/immunefi/status/1503933424117194753). GMX has paid $2.6M to date in Immunefi reports.

This was not a resolution following the incident; the resolution was that GMX ensured users were fully remediated.

That said, Rekt has a really good catalogue introducing investigative research for security engineers and researchers. It’s quite clear of your brand’s presence within this space. I do admire the community focused approach, the research interweaves with these security audiences quite well.

Besides, there are several in-depth post-incident write-ups on this situation that are well-cited, including CertiK’s Analysis, SlowMist’s Analysis, Sherlock’s Analysis, and from GMX.

2 Likes

Fair on the editorial tone — those articles were harsh and we know it.

The story we want to tell isn’t about the incident. It’s about what came after. GMX took a hit, handled it, made users whole, and rebuilt. That arc — from crisis to stronger, more resilient protocol — is a case study the industry doesn’t have documented properly. The white-hat negotiation alone is under-documented and has real behind-the-scenes value: an exclusive, with quotes from people who were in the room, that positions GMX as a model for how DeFi handles adversity well.

Beyond that, we’ll investigate wherever GMX considers itself a leader — V2 architecture, risk systems, oracle design. Independent analysis, interviews and quotes that give the protocol the visibility and the narrative it’s earned.

Rekt team

Thanks to the Rekt News team and @GovernanceSCG for the detailed proposal, plus for engaging with community feedback here.

To be straightforward, as a contributor deeply involved with the Comms and Marketing domain: this isn’t a partnership I’d recommend funding.

Rekt News has real reach and genuine credibility in DeFi security; that’s a given. I appreciate your work. But a few things give me pause:

Security has never been a checkbox for GMX. Before the July 2025 incident with V1, we had invested millions into audits, and ran one of the largest bug bounty programs ever on Immunefi. The V2 architecture also reflects years of investment in risk systems and oracle design. The exploit on GLP was, precisely because of that, a very painful moment. Revisiting it in detail over a 12-month funded partnership isn’t where we want to put energy right now, imho.

I see the broader argument that this would be a public good for the perp DEX space. I agree. But I’m not convinced that GMX should be the primary funder. GMX’s treasury focus right now is growth, liquidity, and development.

There’s also a brand consideration: the positive reputational effects of this kind of coverage are intangible. The association with being “rekt” across a sustained campaign is… not.

So, appreciate the outreach. But I feel this doesn’t fit where GMX is aiming to go.

4 Likes