Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Pre-IPOs
Unlock full access to global stock IPOs
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
Promotions
AI
Gate AI
Your all-in-one conversational AI partner
Gate AI Bot
Use Gate AI directly in your social App
GateClaw
Gate Blue Lobster, ready to go
Gate for AI Agent
AI infrastructure, Gate MCP, Skills, and CLI
Gate Skills Hub
10K+ Skills
From office tasks to trading, the all-in-one skill hub makes AI even more useful.
GateRouter
Smartly choose from 40+ AI models, with 0% extra fees
#DeFiLossesTop600MInApril
April 2026 exposed one of the harshest realities in crypto: DeFi has grown faster than its security systems. More than $600 million was lost across nearly 30 separate exploits in a single month, making April the most damaging month for crypto security on record. That means the industry was facing almost one major exploit every single day.
What makes this more serious is that these were not simple coding mistakes or random smart contract bugs. The largest attacks revealed deep structural weaknesses inside DeFi itself.
The first major breach came from Drift Protocol, which suffered losses of around $285 million. This was not a fast hack executed in hours. Reports indicate it was the result of a long-term social engineering campaign connected to North Korea’s Citrine Sleet group. Attackers spent months building trust, manipulating internal access, and targeting operational weaknesses rather than just technical code flaws. This shows that human security is now just as important as smart contract security.
The second major exploit hit KelpDAO, where nearly $293 million was lost through a LayerZero V2 bridge vulnerability. Cross-chain bridges are designed to connect ecosystems, but they also create dangerous single points of failure. When one bridge breaks, multiple networks can be affected at once. In this case, TraderTraitor exploited that exact weakness, proving again that bridge architecture remains one of DeFi’s biggest unresolved risks.
These two cases highlight the same problem: too much trust concentrated in too few places. Admin keys remain overly centralized, bridge infrastructure lacks redundancy, and governance systems are often too slow to react during active attacks. DeFi was built to remove centralized risk, yet many protocols still depend on centralized control mechanisms behind the scenes.
Another alarming trend is the dominance of North Korean cyber groups. In 2026 alone, they are responsible for approximately 76% of all stolen crypto funds, with total thefts exceeding $6 billion since 2017. Their strategy has evolved. Instead of relying only on direct technical exploits, they now combine psychological manipulation, insider targeting, and advanced attack planning.
Recovery after the hack is becoming another battlefield. In the KelpDAO case, a US law firm, Gerstein Harrow, is attempting to claim $71 million of frozen funds using an unrelated legal judgment from 2015. This creates a dangerous precedent where legal disputes may delay or even prevent victims from recovering stolen assets.
The lesson is clear: DeFi is not failing because the idea is wrong, but because security standards are still behind the scale of capital involved. Multi-signature governance, stronger bridge protections, decentralized operational control, and faster emergency response systems must become standard—not optional. Without that shift, the next record-breaking exploit is only a matter of time.
#GateSquare #ContentMining
#Gate13周年 #CreatorCarnival
April 2026 exposed one of the harshest realities in crypto: DeFi has grown faster than its security systems. More than $600 million was lost across nearly 30 separate exploits in a single month, making April the most damaging month for crypto security on record. That means the industry was facing almost one major exploit every single day.
What makes this more serious is that these were not simple coding mistakes or random smart contract bugs. The largest attacks revealed deep structural weaknesses inside DeFi itself.
The first major breach came from Drift Protocol, which suffered losses of around $285 million. This was not a fast hack executed in hours. Reports indicate it was the result of a long-term social engineering campaign connected to North Korea’s Citrine Sleet group. Attackers spent months building trust, manipulating internal access, and targeting operational weaknesses rather than just technical code flaws. This shows that human security is now just as important as smart contract security.
The second major exploit hit KelpDAO, where nearly $293 million was lost through a LayerZero V2 bridge vulnerability. Cross-chain bridges are designed to connect ecosystems, but they also create dangerous single points of failure. When one bridge breaks, multiple networks can be affected at once. In this case, TraderTraitor exploited that exact weakness, proving again that bridge architecture remains one of DeFi’s biggest unresolved risks.
These two cases highlight the same problem: too much trust concentrated in too few places. Admin keys remain overly centralized, bridge infrastructure lacks redundancy, and governance systems are often too slow to react during active attacks. DeFi was built to remove centralized risk, yet many protocols still depend on centralized control mechanisms behind the scenes.
Another alarming trend is the dominance of North Korean cyber groups. In 2026 alone, they are responsible for approximately 76% of all stolen crypto funds, with total thefts exceeding $6 billion since 2017. Their strategy has evolved. Instead of relying only on direct technical exploits, they now combine psychological manipulation, insider targeting, and advanced attack planning.
Recovery after the hack is becoming another battlefield. In the KelpDAO case, a US law firm, Gerstein Harrow, is attempting to claim $71 million of frozen funds using an unrelated legal judgment from 2015. This creates a dangerous precedent where legal disputes may delay or even prevent victims from recovering stolen assets.
The lesson is clear: DeFi is not failing because the idea is wrong, but because security standards are still behind the scale of capital involved. Multi-signature governance, stronger bridge protections, decentralized operational control, and faster emergency response systems must become standard—not optional. Without that shift, the next record-breaking exploit is only a matter of time.
#GateSquare #ContentMining
#Gate13周年 #CreatorCarnival