Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Pre-IPOs
Unlock full access to global stock IPOs
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
Incident statement from LayerZero is out. As expected, the attacker was likely DPRK.
The DVN itself was not compromised as previously speculated, but rather TWO separate RPCs the DVN used to ingest state.
On top of that, attackers DDOS'd the DVN's primary RPCs to force it to fail over to the two compromised ones.
And the compromised RPCs served real state to anybody querying them, only serving malicious state to the DVNs. This enabled the attackers to bypass some of the other safeguards that were in place.
Do NOT underestimate Lazarus. This attack was sophisticated as fuck, make no mistake.
LZ DVN is back online and fully operational but I suspect there will be some serious introspection over the next weeks to months about further hardening security.
Feel for everybody that was affected these last few days. Sometimes you just get outplayed, and DPRK outplayed the good guys once again here.