Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Pre-IPOs
Unlock full access to global stock IPOs
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
Promotions
AI
Gate AI
Your all-in-one conversational AI partner
Gate AI Bot
Use Gate AI directly in your social App
GateClaw
Gate Blue Lobster, ready to go
Gate for AI Agent
AI infrastructure, Gate MCP, Skills, and CLI
Gate Skills Hub
10K+ Skills
From office tasks to trading, the all-in-one skill hub makes AI even more useful.
GateRouter
Smartly choose from 40+ AI models, with 0% extra fees
#WCTCTradingKingPK
💀 April 2026: The bloodiest month in DeFi history
$635 million lost across 28 attacks in 30 days.
Drift and KelpDAO took the hardest hits — over $500M gone.
Drift – “A six-month op” ($285M)
Not a random bug — a state-backed infiltration.
· Social engineering: Fake “traders” befriended the team since late 2025, attended conferences, built trust, and sneaked in a malicious vault.
· Access: Compromised developer machines via poisoned repos and fake TestFlight apps.
· The kill shot: Used Durable Nonces (a legit Solana feature) to backdate admin-signed transactions. Good intentions → perfect backdoor.
🚨 KelpDAO – “Trust issues” ($292M stolen, plus $230M from Aave)
They didn't break the code — they broke the infrastructure.
· Weak point: LayerZero’s DVN security relied on just one verifier. Single point of failure.
· Method: Compromised two RPC nodes, swapped Geth executables, spammed the network with fake cross-chain deposit messages.
· Cascade: Drained $236M from Aave with valid-looking proofs. No contract bug — infrastructure hijack.
🤬 Outrage / Rage Mode
1. “Is crypto just chaos?”
No. This is a state actor. North Korea moves through corrupted intermediaries. No amateurs.
2. “Audits won’t save you”
KelpDAO passed audits. Drift didn't write vulnerable code.
The problem is architectural blindness. We trusted the blockchain but left the back door open. Compromised RPCs, nodes, infra layer — the foundation is leaky.
3. “Valid signatures… so what?”
The tragedy: everything was technically correct. Drift and KelpDAO broke because the attackers used intended protocol features against them. This isn't a hack — it's legal-mechanism abuse engineering.
🌟 What's next
· Security must be redrawn — auditing code isn't enough. Simulate hostile infra, not just contract logic.
· Trusted validators? Cold shower. If infra layers don't have trustless consensus, they kill DeFi.
· Regulatory heat — $635M in losses will invite tighter rules. Your wallet may become too convenient for regulators.
This wasn't a $600M bug.
It was the architectural zero-day of 2026.
Fix the infrastructure trust, not just the contracts. Or watch the market keep burning.