Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Pre-IPOs
Unlock full access to global stock IPOs
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
DeFi developer Banteg: LayerZero was not attacked through RPC poisoning
Gold Finance reports that on April 20th, LayerZero released a KelpDAO report stating that KelpDAO was attacked through hackers poisoning the RPC of LayerZero DVN. Yearn Finance anonymous developer Banteg questioned that the attack was not RPC poisoning; network poisoning refers to attackers tampering with shared lookups (DNS, ARP, cache) outside the trust boundary. In such cases, the recipient has no reason to doubt the source. But this attack was not like that. The attacker entered LayerZero’s internal trust boundary, accessed the RPC list, compromised two nodes relied on by DVN, and replaced the op-geth binary. This constitutes an infrastructure intrusion within the boundary, with the attack targeting the supply chain level rather than the network level. Moreover, the malicious payload was delivered with great precision. The malicious binary disguised itself as an IP address, sent forged payloads only to DVN, displayed real information to scanners and all other callers, then self-destructed to erase logs and binaries. RPC poisoning can easily be mistaken for an external attack on the infrastructure. But in reality, the attacker implanted targeted malicious programs inside the trust boundary. This is far more terrifying than its name suggests.