Popular decentralized crypto exchange GMX has witnessed a price manipulation exploit on the AVAX/USD trading pair and the attacker successfully managed to steal $565,000 from the Avalanche market.

Interestingly, it seems that the attacker, which remains unidentified, successfully capitalized on GMX's "minimal spread" and "zero price impact" features to implement the price manipulation exploit. The official Twitter account of GMX confirmed the attack via a Twitter post Sunday as seen below.

Moreover, the decentralized exchange pointed out that the AVAX/USD market would remain open, but a $2 million cap on long positions and a $1 million cap on short positions will be imposed to protect the investors from further exploit.

The Head of derivatives at Genesis Trading Joshua Lim was one of the first on-chain analysts to point out the attack and analyze the methodology followed by the attacker.

Lim confirmed that the attacker "successfully extracted profits from GMX's AVAX/USD market by opening large positions at 0 slippage" and then transferred the tokens to centralized exchanges for a slightly higher price.

As per Lim's analysis, the cycle was repeated five times, and each time, more than 200,000 AVAX tokens (roughly $4-5 million) were transferred to centralized exchanges. However, all of it was not profit as the attacker also paid spread to market makers on other exchanges but successfully extracted about $565,000 in profit.

"The real issue is GMX doesn't reflect the true cost of liquidity like other venues do, it offers unlimited liquidity at a mid-market oracle price," Lim pointed out.

The crypto analyst suggested that GMX "can try to identify toxic customer flow and cut it off or widen their spreads specifically" or "cap max position size on any particular asset to a small fraction of liquidity available on CEXes so that any extractable profits are small relative to the cost of moving the asset price on CEX."

As noted above, GMX capped open interest for AVAX/USD market.

