Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Pre-IPOs
Unlock full access to global stock IPOs
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
Promotions
AI
Gate AI
Your all-in-one conversational AI partner
Gate AI Bot
Use Gate AI directly in your social App
GateClaw
Gate Blue Lobster, ready to go
Gate for AI Agent
AI infrastructure, Gate MCP, Skills, and CLI
Gate Skills Hub
10K+ Skills
From office tasks to trading, the all-in-one skill hub makes AI even more useful.
GateRouter
Smartly choose from 30+ AI models, with 0% extra fees
#rsETHAttackUpdate
The recent security incident involving Kelp DAO's rsETH token occurred on April 18, 2026. Attackers successfully drained approximately $292 million (116,500 rsETH) from the protocol.
The exploit has been attributed by security analysts to the North Korea-linked Lazarus Group.
How the Attack Happened
The incident was a sophisticated attack on off-chain infrastructure rather than a vulnerability in the smart contracts themselves.
Forged Cross-Chain Message: The attackers bypassed the security of the bridge by forging a cross-chain message that mimicked a legitimate transaction.
Infrastructure Compromise: The target was the LayerZero-powered bridge adapter. The attackers compromised internal RPC nodes associated with the Decentralized Verifier Network (DVN) and simultaneously launched a DDoS attack against external nodes.
Verification Failure: By poisoning the verification process, they forced the system to rely on falsified data, leading the bridge to release 116,500 rsETH on Ethereum without an actual corresponding "burn" or collateral backing upstream.
Collateral Exploitation: Following the unauthorized minting of these "phantom" tokens, the attackers used them as collateral on Aave to borrow other assets, which caused significant stress and liquidity outflows across the DeFi ecosystem.
Immediate Impact and Response
Protocol Pauses: Kelp DAO promptly paused its rsETH contracts across mainnet and various Layer-2 networks upon identifying the suspicious activity.
DeFi Precautions: Major lending protocols, including Aave, moved to freeze rsETH markets to protect their platforms and users. Other protocols with exposure, such as those integrated with Lido, also suspended deposits or took precautionary measures.
Attempted Second Attack: Following the initial theft, the attackers attempted a second, smaller drain of an additional 40,000 rsETH (~$95 million), but this was thwarted after Kelp DAO blacklisted the attackers' addresses and paused the relevant contracts.
This event has sparked significant discussion within the industry regarding the reliance on single-point-of-failure configurations in bridge security and the necessity for "invariant-level" monitoring rather than just individual call verification.
$AAVE