The GMX V1 exploit occurred despite prior security reviews by top auditing firms Quantstamp and ABDK Consulting, whose audits assessed core risks like reentrancy and access controls and conducted stress tests, but failed to flag the specific leverage manipulation vector that enabled the $42 million exploit.

Claim

Quotes that support claims

Before the hack, GMX’s V1 contracts were reviewed by top auditing firms. Quantstamp’s pre-deployment audit assessed core risks like reentrancy and access controls, while ABDK Consulting conducted additional stress tests. Yet neither audit flagged the specific leverage manipulation vector that enabled this exploit.