SlowMist: The core reason for the GMX attack is that the global short average price of GMX v1 can be manipulated, causing the GLP price to be maliciously inflated for arbitrage.
BlockBeats News, July 10th, Slowmist CISO @im23pds tweeted that "The root cause of the GMX attack is that GMX v1 immediately updates the global short position average price when handling short positions. This global average price directly affects the calculation of the total asset under management (AUM), leading to the manipulation of the GLP token price.
The attacker exploited this design flaw by using a Keeper to enable the timelock.enableLeverage feature when executing orders (a necessary condition to create a large short position). Through reentrancy, they successfully created a large short position to manipulate the global average price, artificially raising the GLP price in a single transaction and profiting through redemption.
You may also like
'Bottom building in progress': Analysts say bitcoin holder capitulation signals late-stage bear market
A Comprehensive Analysis: Starting from 1996, Who is Laying the Foundation for the Next Generation of Capital Markets
Luke Dashjr, the Biggest Anti-Spammer of Bitcoin, Inscribed Phrases on the Network in 2011
Whales bought 270,000 BTC while ETFs bled $7 billion. One side is wrong
The crypto IPO class of 2025-26 is down as much as 89%. Autopsy of a listing boom
Robinhood Chain Mining Guide: A Comprehensive Tutorial from Cross-Chain to Memecoin
BitGo CEO says single-digit percentages of bitcoin's supply are 'probably right' for large holders amid Strategy's sale
Beyond Private Keys: How to Safeguard the Security Boundaries of Web3 from Wallets, L2 to Supply Chains?
Vanguard Enters the Market, Opening a New Crypto Gateway for 50 Million Traditional Investors
Why the OUSD Alliance of 150 Companies Still Cannot Shake USDT and USDC?
Citigroup Analysis: Is There Still 47% Upside for Nvidia? Can Rubin and CPO Deliver?
WEEX API Fast Connect: Turn Every Sign-In Into a Live Trader in Under 10 Seconds
WEEX API Fast Connect is a one-click OAuth authorization system that lets your users link their WEEX account without ever touching an API key. Frictionless onboarding, faster conversions, higher retention — built for WEEX Broker partners.
Bitcoin's dwindling exchange reserves don't pack the same bullish punch anymore
From Le Mans to the Rollercoaster: Carl Moon Takes On Portimão
Crypto world renowned KOL and racing driver Carl Moon, backed by WEEX, heads to the Ferrari Challenge Portugal round at the Algarve International Circuit, July 16–19, fresh off a podium finish at Le Mans. Here's why this race is one to watch.
Fast execution. Split-second accuracy. Security that never blinks. That's WEEX — and that's exactly how Carl races.

