In 2016, the blockchain industry was rocked by a security incident that went viral across the internet: an attacker spent less than $1 in transaction fees and, using a single line of code written in the wrong order, managed to siphon off digital assets worth $60 million from the on-chain smart contract of the leading project The DAO. Throughout the entire process, there was no brute-force cracking, no illegal intrusion—everything was accomplished purely by exploiting a logic flaw in the code itself.
The principle behind this vulnerability was absurdly simple: the withdrawal logic should normally clear the user’s account balance first, and then execute the transfer. But the contract from that time had the sequence written in reverse—send the funds first, then clear the balance. The attacker, inside the callback mechanism triggered by the transfer, repeatedly initiated withdrawal requests, taking advantage of the system not yet updating the balance state. Round after round, they drained funds in a recursive loop until the contract’s reserves were completely emptied. And the fix only required swapping the positions of two lines of code.
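The ordering problem described above can be reproduced in a small model. This is an added example, not The DAO's contract code: a Python simulation in which `Vault`, `PlainUser`, `ReenteringReceiver` and `run` are hypothetical names and the deposit amounts are constructed. The only difference between the two runs is whether the balance is cleared before or after the transfer.

```python
class Vault:
    """Toy ledger standing in for a contract (assumption, not real contract code)."""
    def __init__(self, safe_order):
        self.safe_order = safe_order
        self.balances = {}
        self.reserves = 0

    def deposit(self, account, amount):
        self.balances[account] = self.balances.get(account, 0) + amount
        self.reserves += amount

    def withdraw(self, account):
        amount = self.balances.get(account, 0)
        if amount == 0 or self.reserves < amount:
            return
        if self.safe_order:
            self.balances[account] = 0   # clear the balance first
            self._send(account, amount)  # then transfer
        else:
            self._send(account, amount)  # transfer first
            self.balances[account] = 0   # balance cleared too late

    def _send(self, account, amount):
        self.reserves -= amount
        account.on_receive(self, amount)  # the transfer hands control to the receiver


class PlainUser:
    def __init__(self):
        self.received = 0

    def on_receive(self, vault, amount):
        self.received += amount


class ReenteringReceiver(PlainUser):
    def on_receive(self, vault, amount):
        self.received += amount
        vault.withdraw(self)  # callback requests another withdrawal mid-transfer


def run(safe_order):
    """Return (amount paid to the re-entering receiver, reserves left in the vault)."""
    vault = Vault(safe_order)
    honest, receiver = PlainUser(), ReenteringReceiver()
    vault.deposit(honest, 90)    # constructed sample deposits
    vault.deposit(receiver, 10)
    vault.withdraw(receiver)
    return receiver.received, vault.reserves
```

With the transfer-first ordering, a receiver entitled to 10 is paid the vault's full 100; with the balance cleared first, the nested call sees a zero balance and stops.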
The DAO was by no means a faceless small project. It was, at the time, the most closely watched benchmark project in the Ethereum ecosystem, with a crowdfunding scale of $150 million. Its code had undergone multiple rounds of community review and verification by professional security teams—but somehow, no one managed to spot this most basic logic error.
In the end, the incident forced the Ethereum community to launch a hard fork, forcibly rolling back transactions to recover the stolen assets, and it also directly split off the Ethereum Classic branch chain. The industry’s long-standing belief in “code is law” was slapped in the face by reality for the first time. The debate over whether exploiting vulnerabilities is a legitimate action or theft is still simmering to this day.
Even more ironic is that, more than a decade later, these kinds of basic vulnerabilities have not disappeared—on the contrary, they keep resurfacing again and again under different disguises. In 2021, the well-known lending protocol CREAM Finance was drained of $130 million using the same technique. Because the call chain was nested layer upon layer and hidden under complex details, even after full professional audits, the risk still could not be identified.
Beyond that, there were flash-loan manipulation attacks with zero principal, low-level blunders like writing incorrect function permissions, and even a major cross-chain bridge case that caused a $625 million loss based solely on a phishing email. These cases have played out in the industry repeatedly. Many projects, in their rush to meet go-live timelines and reduce development costs, keep compromising on security in the name of speed. Every instance of cutting corners eventually becomes an irrecoverable, sky-high loss.