Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Pre-IPOs
Unlock full access to global stock IPOs
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
GoPlus: ListaDAO's counterfeit contract with the same name was hacked; the official ListaDAO contract was unaffected
Mars Finance reports that regarding the recent attack on the “ListaDAOLiquidStakingVault” contract, ListaDAO’s official statement clarifies that the attacked contract was not deployed by the official team, but was a counterfeit contract created by an unverified third party using a similar name. All official contracts of ListaDAO have not been affected by this incident.
According to an in-depth analysis by the GoPlus security team, the attack occurred on April 16, 2026, and the root cause was a logical flaw in the third-party contract. When performing token transfers, the Dividend.setShares() function is triggered, which changes the share accounting within the contract, thereby affecting the reward calculation in the claimReward() function. The attacker exploited this vulnerability to deplete the assets within the contract.
GoPlus warns that because this logical flaw exists in both segments of the contract code mentioned above, any development project that forks or reuses this code faces a high risk of exploitation. Developers are advised to promptly conduct code audits and repairs, and to implement continuous auditing mechanisms to ensure the security of smart contracts.