goplus

According to the official announcement from Bithumb, Bithumb will add the GoPlus (GPS) Korean Won market trading pair.

According to disclosures from the GoPlus Chinese community, the prediction market platform Polymarket was hacked due to a design flaw in the synchronization mechanism between off-chain and on-chain trading results in its order system.The attacker manipulated the nonce, causing on-chain matched trades to be canceled or invalidated before execution, while off-chain records remained valid, leading to API false reports that affected trading behaviors of bots like Negrisk, resulting in user losses. The analysis of the attack process is as follows:The attacker submitted/matched large reverse trades with the market-making bot on the Polymarket off-chain orderbook.The attacker constructed transactions with forged/repeated nonces or utilized on-chain nonce competition, causing the on-chain transactions to inevitably revert.The Polymarket API returned "transaction successful" to the bot before on-chain confirmation, leading the bot to believe that the position had been hedged, while the actual on-chain state had not changed.The attacker then executed real on-chain trades to take advantage of the direction exposed by the bot, thus profiting "risk-free."Since the revert occurred at the chain level, Polymarket fees would not explode, making the attack cost controllable and executable continuously.GoPlus recommends that users pause automated trading tools, verify on-chain trading statuses, enhance wallet security, and closely monitor official announcements from Polymarket.

According to GoPlus monitoring, a wallet that had been inactive for nearly five years was compromised after signing a malicious increaseApproval transaction, with the attacker stealing approximately $66,000 worth of QNT.

GoPlus has launched a new feature in its browser extension, GoPredict, which provides event risk identification support for the prediction market Polymarket. GoPredict is based on the official Gamma API of Polymarket and conducts real-time risk analysis of market events from multiple dimensions, including event verifiability, market liquidity, and price volatility. It directly marks risk levels on the Polymarket event list page, helping users quickly identify potential high-risk events before placing bets, reducing the information asymmetry risk for ordinary users in the prediction market, and enhancing participation safety and decision-making efficiency.GoPredict is now available with the GoPlus browser extension, and users can download and experience it through the Chrome Web Store.

According to GoPlus monitoring, a user lost $230,000 worth of aArbWETH and aEthLBTC to a phishing attack after signing a malicious permit and increaseAllowance transaction.

According to data from GoPlus RektDatabase, there were over 1,200 serious security incidents involving users and projects in the Web3 space in 2025, resulting in total losses exceeding $3.5 billion.The three most common types of attacks and fraud are private key theft (based on viruses, trojans, and social engineering), phishing attacks, and Rug Tokens (fraudulent tokens). Among them, the Bybit theft incident (February 21, $1.5 billion), the Cetus theft incident (May 22, $223 million), and the Balancer theft incident (November 2, $128 million) are the top three events in terms of losses in 2025.The security situation shows a clear trend of "increased number of large-scale incidents" and "significantly reduced cost of small fraud for users," indicating that attackers' strategies are exhibiting a trend of "precision hunting" and "broad net" simultaneously. Notably, there were 12 attack incidents in 2025 with individual losses exceeding $30 million, of which 7 were in CeFi. The main reasons were the theft of administrator private keys and hot wallet private keys, exposing significant risks.

GoPlus Chinese community analyzes the principle of the attack on the decentralized options protocol Ribbon Finance in a social media post.The attacker upgraded the price oracle contract to a malicious implementation contract through the address 0x657CDE, and then set the expiration time for four tokens: stETH, Aave, PAXG, and LINK to December 12, 2025, 16:00:00 (UTC+8) and manipulated the expiration prices, exploiting the incorrect prices to profit from the attack.It is worth noting that when the project party's contract was created, the _transferOwnership status value of the attack address was already set to true, allowing it to pass the contract security checks. Analysis shows that this attack address may have originally been one of the project party's management addresses, which was later controlled by hackers through social engineering attacks and other means to carry out this attack.

GoPlus Chinese community analyzes the principle of the attack on the decentralized options protocol Ribbon Finance in a social media post.The attacker upgraded the price oracle contract to a malicious implementation contract through the address 0x657CDE, and then set the expiration time of four tokens: stETH, Aave, PAXG, and LINK to December 12, 2025, 16:00:00 (UTC+8) and manipulated the expiration prices, profiting from the exploitation of the erroneous prices.It is noteworthy that when the project party's contract was created, the _transferOwnership status value of the attack address had already been set to true, allowing it to pass the contract security checks. Analysis shows that this attack address was likely one of the project party's management addresses, which was later controlled by hackers through social engineering attacks and other means to carry out this attack.

Binance has now completed the integration of Goplus Security (GPS) on the BNB Smart Chain (BSC) network and has opened deposit and withdrawal services. Users can obtain their exclusive token deposit address through this page.

According to official news, GoPlus Security Research Institute conducted a detailed security risk scan on more than 30 x402 projects and community-reported risk projects in Binance Wallet and OKX Wallet, discovering that the following projects have issues such as excessive authorization, signature replay, HonyPot (PiXiu token), and unlimited issuance risks.FLOCK (0x5ab3): The transfer ERC20 function allows the owner to withdraw any amount of any token from the contract. x420 (0x68e2): The cross chain Mint function can mint tokens without restriction. U402 (0xd2b3): The mint By Bond function allows unlimited minting of coins. MRDN (0xe57e): The withdraw Token function allows the owner to withdraw any amount of any token from the contract. PENG (0x4444ee, 0x444450, 0x444428): The manual Swap function allows the owner to withdraw ETH from the contract, and the transfer From function bypasses the allowance check for special accounts. x402 Token (0x40ff): The transfer From function bypasses the allowance check for special accounts. x402b (0xd8af5f): The manual Swap function allows the owner to withdraw ETH from the contract, and the transfer From function bypasses the allowance check for special accounts. x402MO (0x3c47df): The manual Swap function allows the owner to withdraw ETH from the contract, and the transfer From function bypasses the allowance check for special accounts.

GoPlus monitoring shows that Web3 has suffered total losses exceeding $45.84 million due to security incidents such as smart contract vulnerabilities, social engineering attacks, phishing attacks, Ponzi schemes, and rug pulls.Among them: GMGN users fell victim to a phishing attack, where attackers forged a third-party token website to induce unauthorized transactions, resulting in losses of over $700,000 for 107 users;A Twitter account that previously gained attention from KOLs like CZ renamed itself to @OracleBNB, impersonated a collaboration with @four_meme_ to issue tokens, and then profited 34 BNB from the rug pull.

GoPlus Chinese community disclosed on platform X that the Hello 402 contract has some hidden risks------infinite issuance and centralized manipulation risks.The administrator address has extremely high permissions, completely controlling the minting and distribution of H402 tokens. For example: the addTokenCredits function allows the administrator to allocate H402 token minting shares to users, but does not check whether it will exceed the MAX_SUPPLY total, potentially creating an infinite issuance backdoor; the redeemTokenCredits function allows users to actually mint H402 tokens based on their shares; the WithdrawDevToken function allows the administrator address to mint all unallocated shares in one go, posing a high risk of centralized manipulation.The project party stated in X that the WithdrawDevToken function is only used for "token replenishment," "ecological incentives," and "profit space" commitments after the private placement ends, none of which have been specifically implemented at the contract level, resulting in a high risk of centralized default. Previously, OKX stated that it has launched an investigation into the abnormal behavior of Hello 402 and will continue to track on-chain evidence while reserving the right to take legal action.

According to GoPlus monitoring, the hackers attacking Balancer successfully transferred 195 stS tokens from the frozen address 0xf19...fae2, which was frozen by Sonic Labs, to the new address 0x0e9c...44D5 through the permit() authorization mechanism, and exchanged them for WBTC and ETH, bypassing the asset freeze measures on the original address.

According to GoPlus, the creator of the meme coin "Binance Life" only profited about $4,000 from the project, missing out on a massive opportunity as the token reached a peak market value of $500 million. After deploying the "Binance Life" token on October 4, the creator, following his usual "flowing disk" strategy, cleared all chips in two transactions within 20 seconds, making a profit of about $4,000. However, just a few hours later, the token suddenly surged, reaching a market value of $500 million, with a daily trading volume of up to $410 million. A few hours after he sold, Binance Life quickly rose, and that address bought Binance Life again, making several quick trades back and forth.Stimulated by this, the creator subsequently launched 359 tokens in the following period, averaging 51 per day, including 292 similar Chinese meme coins like "Binance Alipay," "Binance Avenue," etc., in an attempt to replicate the success of "Binance Life," but none achieved significant profits.

ChainCatcher message, GoPlus Chinese community issued a security alert, the x402 cross-chain protocol @402bridge is suspected to be stolen. The Creator of the contract starting with 0xed1A transferred the Owner to the address 0x2b8F, and then the new Owner called the transferUserToken method in the contract to transfer all remaining USDC from authorized user wallets.Before minting, USDC must be authorized to the @402bridge contract, which caused more than two hundred users to have their remaining USDC transferred away due to excessive authorization. The address 0x2b8F transferred a total of 17,693 USDC from users, and then exchanged the USDC for ETH, which was subsequently transferred to Arbitrum through multiple cross-chain transactions. It is recommended that users who have participated in this project cancel the relevant authorizations as soon as possible; remind users to check whether the authorized address is the official address of the interactive project before authorizing, only authorize the necessary amount, and avoid unlimited authorization; and regularly check authorizations to cancel unnecessary ones.

According to ChainCatcher news, GoPlus, the Web3 security infrastructure, has announced that its new security service developed based on the x402 protocol has entered the full testing phase and will soon be officially launched.This service provides multiple functions for developers and AI agents on the x402 platform, including malicious address detection, token security detection, as well as transaction simulation and security analysis, effectively enhancing the security of blockchain transactions and real-time identification and blocking of transaction risks.GoPlus's security service will support permissionless calls for x402 developers and AI agents, and will offer a plug-and-play convenient experience through an on-demand billing model. This innovative security service is expected to handle over 30,000,000 calls, bringing higher security and commercial value to the x402 platform.

ChainCatcher news, according to GoPlus Chinese community, recently two users suffered significant losses due to signing malicious Permit signatures. One user lost $155,000 worth of aBascbBTC after signing a malicious Permit signature, while another user lost $90,000 worth of XAUt after signing a Uniswap Permit2 signature.GoPlus recommends not to click on unfamiliar links, not to install software from unknown sources, not to sign transactions with unclear content, and not to transfer funds to unverified addresses.

ChainCatcher message, GoPlus issued a security alert: Google search results for Uniswap are showing a counterfeit phishing website, and users have already fallen victim to attacks.Attackers often use Google sponsored ads and free Google sites domains to impersonate well-known Web3 websites, luring users into phishing sites to steal crypto assets.

ChainCatcher news, Web3 security infrastructure GoPlus announced that in response to the malicious minting and dumping attack on the Binance Alpha project GAIN, it has launched a security education campaign and activated its 500 million GPS security fund.This campaign will allocate 400,000 GPS as a special fund. Users participating in staking and learning security knowledge will have the opportunity to receive rewards from the security fund, aiming to enhance the security awareness and response capabilities of Web3 projects and users, and further strengthen the security protection of the Web3 ecosystem. Previously, GoPlus announced the launch of a 500 million GPS security fund, and users can obtain rewards from the security fund by participating in security event education activities.

ChainCatcher news, according to GoPlus analysis, the GAIN project was exploited by attackers due to a LayerZero Peer configuration error. The attackers initialized additional Peers on the ETH chain and minted TTTTT, bypassing cross-chain verification to anomalously issue 5 billion GAIN on the BSC chain.This incident is similar to the previous Yala attack, and the GAIN price has plummeted over 90%. Users are advised to temporarily cease interactions with this project to prevent losses.