Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Pre-IPOs
Unlock full access to global stock IPOs
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
Promotions
AI
Gate AI
Your all-in-one conversational AI partner
Gate AI Bot
Use Gate AI directly in your social App
GateClaw
Gate Blue Lobster, ready to go
Gate for AI Agent
Gate MCP
Gate Skills Hub
10K+ Skills
From office tasks to trading, the all-in-one skill hub makes AI even more useful.
GateRouter
Smartly choose from 30+ AI models, with 0% extra fees
#CryptoMarketsRiseBroadly #TopCopyTradingScout rsETH Exploit Update: The 2026 DeFi Infrastructure Crisis
The rsETH exploit on April 18, 2026, marks a turning point in decentralized finance. Moving away from traditional smart contract bugs, this $292 million heist exposed a critical vulnerability in the "plumbing" of cross-chain communication.
As we reach the end of April, the industry is transitioning from emergency response to systemic recovery.
By The Numbers: The Financial Aftermath
Total Drained: ~116,500 rsETH (Approx. $292M)
Bad Debt Risk: ~$236M in unbacked loans across Aave V3 and lending protocols.
Ecosystem Flight: An estimated $5B–$10B in TVL shifted to safer assets.
The Backstop: ~43,500+ ETH (Approx. $100M+) pledged by industry partners to restore backing.
The Exploit: Anatomy of an Infrastructure Failure
This was not a failure of Kelp DAO’s code, but a compromise of the LayerZero V2 communication layer, attributed with high confidence to the Lazarus Group.
Single Point of Failure: The system utilized a 1-of-1 verifier setup, meaning only one validator was needed to confirm cross-chain messages.
Node Compromise: Attackers seized control of two RPC nodes, injecting malware to feed forged data to the Ethereum bridge.
The "Ghost Mint": By tricking the bridge into trusting forged data, attackers minted 116,500 rsETH out of thin air on Ethereum, which they immediately used as collateral to drain real liquidity.
The "DeFi United" Response
Despite the scale of the theft, the speed of coordination prevented a total collapse:
Kelp DAO: Executed an emergency pause within 46 minutes, shielding an additional $100M from the attackers.
Arbitrum & Mantle: Provided significant ETH recoveries and established credit facilities.
Aave & Lido: Collaborated on governance proposals to manage bad debt and maintain pool utilization stability.
Critical Lessons for the New Era
"The system did not collapse; it coordinated."
Mandatory Multi-Verifier: The "1-of-1" bridge model is effectively dead. Multi-signature and decentralized validation layers are now the industry standard.
Off-Chain Security: RPC nodes and off-chain infrastructure are now the primary targets for nation-state actors; security must extend beyond the blockchain.
Liquidity Fragility: Even "safe" protocols face massive stress when collateral assets depeg, highlighting the need for more robust circuit breakers.
The rsETH exploit on April 18, 2026, marks a turning point in decentralized finance. Moving away from traditional smart contract bugs, this $292 million heist exposed a critical vulnerability in the "plumbing" of cross-chain communication.
As we reach the end of April, the industry is transitioning from emergency response to systemic recovery.
By The Numbers: The Financial Aftermath
Total Drained: ~116,500 rsETH (Approx. $292M)
Bad Debt Risk: ~$236M in unbacked loans across Aave V3 and lending protocols.
Ecosystem Flight: An estimated $5B–$10B in TVL shifted to safer assets.
The Backstop: ~43,500+ ETH (Approx. $100M+) pledged by industry partners to restore backing.
The Exploit: Anatomy of an Infrastructure Failure
This was not a failure of Kelp DAO’s code, but a compromise of the LayerZero V2 communication layer, attributed with high confidence to the Lazarus Group.
Single Point of Failure: The system utilized a 1-of-1 verifier setup, meaning only one validator was needed to confirm cross-chain messages.
Node Compromise: Attackers seized control of two RPC nodes, injecting malware to feed forged data to the Ethereum bridge.
The "Ghost Mint": By tricking the bridge into trusting forged data, attackers minted 116,500 rsETH out of thin air on Ethereum, which they immediately used as collateral to drain real liquidity.
The "DeFi United" Response
Despite the scale of the theft, the speed of coordination prevented a total collapse:
Kelp DAO: Executed an emergency pause within 46 minutes, shielding an additional $100M from the attackers.
Arbitrum & Mantle: Provided significant ETH recoveries and established credit facilities.
Aave & Lido: Collaborated on governance proposals to manage bad debt and maintain pool utilization stability.
Critical Lessons for the New Era
"The system did not collapse; it coordinated."
Mandatory Multi-Verifier: The "1-of-1" bridge model is effectively dead. Multi-signature and decentralized validation layers are now the industry standard.
Off-Chain Security: RPC nodes and off-chain infrastructure are now the primary targets for nation-state actors; security must extend beyond the blockchain.
Liquidity Fragility: Even "safe" protocols face massive stress when collateral assets depeg, highlighting the need for more robust circuit breakers.