Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Launchpad
Be early to the next big token project
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
More
We're releasing an update on the Browser Extension v2.68 security incident that impacted users recently.
Here's what we've uncovered about how the attack unfolded and what it means for the broader Web3 ecosystem:
Our investigation reveals the attack vector exploited a vulnerability in the extension's update mechanism. The attacker managed to inject malicious code during the distribution phase, affecting users who updated to that specific version.
Key findings:
- The incident highlights a critical gap in extension security frameworks
- Update verification processes need stronger cryptographic validation
- Wallet extensions remain high-value targets for sophisticated threat actors
For the industry, this signals the need for:
1. Stricter code review protocols before release
2. Decentralized verification mechanisms for extension updates
3. Real-time threat monitoring and automated rollback capabilities
We've already implemented comprehensive patches and security hardening measures. All affected users are advised to update immediately to the latest secure version and review their wallet activity.
This incident underscores why security infrastructure in Web3 cannot be treated as an afterthought—it's foundational.
On-chain data shows that this round of attack affected about 3.2% of wallets. The scale of loss is far less severe than the official reports, but it's still quite alarming.
Honestly, this incident exposed the soft underbelly of the entire ecosystem, but it also created arbitrage opportunities for auditing firms.
The security infrastructure of the wallet extension layer is indeed inadequate, but after this patch, the risk level should be reduced to an acceptable range.
I'm curious about which addresses were hacked; on-chain data speaks volumes.
Whenever something like this happens, the price drops immediately. I've already seen the gas fees spike... another wave of liquidation is coming.
To put it simply—if you don't own the private key, you don't own the coins. How hard is self-custody, really?
Hurry up and update the version, everyone, don't get caught like last time.
The update verification process must be strengthened, or we'll be on edge every day.
If this kind of thing happens in CeFi, it would be a total disaster. Let's comfort ourselves a bit.
Hurry up and update, don't keep messing around.
Why is it always the update mechanism that has flaws? This is really the time for infrastructure to be improved.
Extensions are really a sieve; luckily, I caught this early this time.