Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Pre-IPOs
Unlock full access to global stock IPOs
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
Promotions
AI
Gate AI
Your all-in-one conversational AI partner
Gate AI Bot
Use Gate AI directly in your social App
GateClaw
Gate Blue Lobster, ready to go
Gate for AI Agent
AI infrastructure, Gate MCP, Skills, and CLI
Gate Skills Hub
10K+ Skills
From office tasks to trading, the all-in-one skill hub makes AI even more useful.
GateRouter
Smartly choose from 40+ AI models, with 0% extra fees
#WCTCTradingKingPK
💀 April 2026: the bloodiest month in decentralized finance history
$635 million lost across 28 attacks in 30 days.
Drift and KelpDAO took the hardest hits — more than $500M was lost.
Drift – “an operation that lasted six months” ($285 million)
This isn’t a random flaw — a state-sponsored breach.
· Social engineering: “fake traders” became friends with the team since late 2025, attended conferences, built trust, and infiltrated a malicious vault.
· Access: developer devices were targeted through poisoned repositories and fake TestFlight apps.
· The knockout blow: Used permanent Nonces (a legitimate feature in Solana) to timestamp transactions signed by the admin. Good intentions → a perfect backdoor.
🚨 KelpDAO – “trust issues” ($292M stolen, plus $230M from Aave)
They didn’t break the code — they broke the infrastructure.
· Weakness: LayerZero DVN security depended on only a single verifier. A single point of failure.
· Method: Two RPC contracts were targeted; Geth programs were replaced; fake messages were sent across the network for cross-chain deposit operations.
· Sequence: $236M was drained from Aave with seemingly valid proofs. No contract error — infrastructure hijacking.
🤬 Rage / Rage Mode
1. “Are cryptocurrencies just chaos?”
No. This is a state actor. North Korea operates through corrupt intermediaries. Not for beginners.
2. “Audits won’t save you”
KelpDAO passed an audit. Drift didn’t write weak code.
The problem is architectural blindness. We trusted the blockchain but left the backdoor open. RPCs, contracts, the infrastructure layer — the foundation is leaking.
3. “Valid signatures… so what?”
Tragedy: everything was technically correct. Drift and KelpDAO collapsed because attackers used intended protocol features against them. It’s not an attack — it’s engineering that exploits legal mechanisms.
🌟 What’s next
· Security must be redrawn — code audits aren’t enough. Simulate hostile infrastructure, not just contract logic.
· Trust in auditors? A cold shower. If infrastructure layers don’t rely on untrusted consensus, they kill DeFi.
· Regulatory pressure — $635M losses will push stricter rules. Your wallet may become too comfortable for regulators.
This wasn’t an $600M flaw.
It was the major architectural vulnerability of 2026.
Fix trust in infrastructure, not just contracts. Or watch the market keep burning.