Pay with

USD

Supports Visa, Mastercard, SEPA & more

Flexible trading, zero fees

Use your crypto for payments worldwide

Basic

Trade crypto freely

Magnify your profit with leverage

Convert & Auto-Invest

Trade any size with no fees and no slippage

Get exposure to leveraged positions simply

Pre-Market Trading

Trade new tokens before listing

Advanced

Trade on-chain with Gate Wallet

Smart access to new on-chain tokens

Smart strategies with automated trading

Follow expert trading strategies

CrossEx Trading

One margin balance, shared across platforms

Access hundreds of perpetual contracts

One platform for global traditional assets

Trade European-style vanilla options

Unified Account

Maximize your capital efficiency

Introduction to Futures Trading

Learn the basics of futures trading

Join events to earn rewards

Use virtual funds to practice risk-free trading

U.S. stock CFD derivatives

Access real US stocks and ETFs

Trade quality Hong Kong-listed stocks

Real Korean stocks and top assets

High leverage, 24/7 trading

Tokenized Stocks

Backed by real stock assets

Unlock full access to global stock IPOs

Mint GUSD for Treasury RWA yields

Stocks Activities

Trade Popular Stocks and Unlock Generous Airdrops

Launch

Collect candies to earn airdrops

Quick staking, earn potential new tokens

Hold GT and get massive airdrops for free

Unlock full access to global stock IPOs

Trade on-chain assets and earn airdrops

Earn futures points and claim airdrop rewards

Investment

Earn interest with idle tokens

Auto-invest on a regular basis

Dual Investment

Profit from market volatility

Earn rewards with flexible staking

Pledge one crypto to borrow another

One-stop lending hub

Premium wealth growth plans

Private Wealth Management

Premium asset allocation

Top-tier quant strategies

Stake cryptos to earn in PoS products

No-liquidation leverage

One-click stake, daily earnings

Post, share, and explore crypto trends

Live crypto market analysis

Chat with crypto traders

What is happening in crypto

More

Promotions

Activity Center

Participate in activities to earn rewards

Invite friends to earn referral rewards

Affiliate Program

Earn exclusive commission rewards

Grow influence and earn airdrops

Real-time platform updates

Crypto industry articles

Huge fee discounts

Asset Management

One‑stop asset management solution

Enterprise digital asset solutions

Developers (API)

Connects to the Gate application ecosystem

OTC Bank Transfer

Deposit and withdraw fiat

Generous API rebate mechanisms

AI

Your all-in-one conversational AI partner

Use Gate AI directly in your social App

Gate Blue Lobster, ready to go

Gate for AI Agent

AI infrastructure, Gate MCP, Skills, and CLI

Gate Skills Hub

From office tasks to trading, the all-in-one skill hub makes AI even more useful.

Others

Find FAQs and help guides

Learn about crypto investing

Grow with the champions

Proof of Reserves

Gate promises 100% proof of reserves

Keep your assets secure

Slow Mist: A new variant of malware appears in the npm ecosystem, infecting 23 packages and 408 GitHub repositories.

WuSaidBlockchainW

2026-06-25 08:50:27

Abstract generation in progress

Wu Shuo has learned that the SlowMist security team issued a warning that a new type of malware variant (Shai-Hulud / Miasma / Hades) associated with the compromised developer account czirker has appeared in the npm ecosystem. The attacker triggers malicious code during the execution of npm install through a pre-configured binding.gyp file. Currently, a total of 23 affected packages have been confirmed, among which leo-logger has a weekly download count of 3,140; at the same time, 408 GitHub repositories containing stolen credentials were discovered. The attack involves stealing GitHub and npm tokens, cloud credentials (AWS / GCP / Azure), local environment data, and abusing GitHub Actions, among others. SlowMist recommends that security teams immediately check lock files and package records, remove the relevant packages, rotate all critical keys, and enforce two-factor authentication (2FA).

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.

6 Likes

Reward
6
5
2
Share

Comment

Add a comment

Add a comment

QuietQuants

· 5h ago

23 packages, 408 repositories, that's quite a scale. Even GitHub Actions can be abused, the defense surface is too wide.

View OriginalReply0

BorrowingBuddy

· 5h ago

Shai-Hulud, this name... Dune fans are ecstatic, but the attacker is really disgusting.

View OriginalReply0

ColdWalletLeftInTheAir

· 5h ago

Key rotation is painful but necessary. The worst fear is that some old projects are no longer maintained, and you don't even know where the landmines are buried.

View OriginalReply0

RefrigeratorMagnetContract

· 5h ago

Precompiled hooks inject malicious code, hitting you during the install phase—this is fundamentally unstoppable for ordinary users. File locking reviews must be automated.

View OriginalReply0

GateUser-8d51653b

· 5h ago

The chain reaction of a czirker account being hacked shows that if a single point is compromised, the whole system collapses.
2FA must be enabled, but if the token is leaked, you're still done.

View OriginalReply0

Trending Topics
View More
#
Get2SharesOfSKHynixAtZeroCost
1.49M Popularity
#
BTCProbes60KKeySupportLevel
378.67M Popularity
#
WorldCup🇺🇸vs🇹🇷
295.95K Popularity
#
TradFiCFDGoldMasters
2.18M Popularity
#
StakeUSD1Earn9.48%APR
969.27K Popularity

Pinned