GoPlus Security 🚦

3.7K posts

GoPlus Security 🚦 banner
GoPlus Security 🚦

GoPlus Security 🚦

@GoPlusSecurity

Protect Your Every Transaction. User App: https://t.co/FHHKZyzH1j 🛡️ Dev Integration: Security Intelligence & SafeToken Protocol 🛡️

On-Chain Katılım Mayıs 2021
1.1K Takip Edilen445.7K Takipçiler
GoPlus Security 🚦
GoPlus Security 🚦@GoPlusSecurity·
🚨 GoPlus Security Alert: Lending protocol @bonzo_finance was exploited due to an Oracle verification vulnerability, resulting in losses exceeding $9 million. The integrity of every price read by Bonzo Lend relies on BLS signature verification. In this incident, the field value of the BLS signature on the message was [0,0], i.e., a zero signature. The BLS signature verifier constructed a BLS pairing check based on the input and passed it to Hedera's pairing precompile (system contract 0.0.8). Because both the submitted signature point and the referenced committee public key resolved to zero (the "point at infinity"), the pairing equation trivially held true, and the precompile returned 1 (true). Simply put, an invalid BLS signature passed the oracle verifier's verification, after which the manipulated price was accepted and written on-chain, and subsequently consumed by Bonzo Lend. For more details, please refer to: bonzo.finance/blog/bonzo-len… The attacker then bridged the stolen assets (ETH and WBTC) to #Ethereum. Attacker address: 0xaf20D792A19fD42dCf697ceBa6100291D96dD93e
GoPlus Security 🚦 tweet media
English
1
1
19
6.4K
GoPlus Security 🚦
GoPlus Security 🚦@GoPlusSecurity·
⚠️ According to ZachXBT, an early whale address associated with the #Solana genesis block was reportedly compromised, resulting in an estimated loss of $14.2M (180.9K $SOL). Based on on-chain analysis, the funds first underwent abnormal unstaking, then flowed through newly created Solana wallets for consolidation and swaps, before being bridged to Ethereum for transfer. Victim Address: HwtbQBNnLERakdUDuCCLWmUs2oETLFQZeHUWeQdPads Attacker Addresses: Ffd1oB2aYM5UzMYUM7TmxULDRQb6KzgrBwmgj9U1C2bE (Solana) 653pnn5fzF51FfotBwxua55Es4QXxTdaXJLbPczVmswp (Solana) 0xaa5cfa4e96dda0f9aa30f4dc948b542a9b5817c6 (Ethereum) 0x536b4ee7507c41143e1b0bd1bf3f2b84be404836 (Ethereum) 0xbf11bdfbeb9ed137c352c81e45d191cacae6b0cf (Ethereum) The attacker has begun laundering the stolen funds through #TornadoCash.
GoPlus Security 🚦 tweet media
English
2
3
17
5.6K
GoPlus Security 🚦
GoPlus Security 🚦@GoPlusSecurity·
⚠️Top 10 Security Incidents (January–June 2026) 1:KelpDAO, April 18, loss of approximately $292 million. The attacker exploited a verification flaw in the LayerZero-related cross-chain bridge validation flow, released a large amount of unbacked rsETH, and rapidly supplied it to protocols including Aave, Compound, Euler, and Fluid for borrowing and cashing out, ultimately evolving into a cross-protocol bad debt contagion event. 2:Drift Protocol, April 1, loss of approximately $285 million. The attacker obtained protocol administrative control by leveraging durable nonce, social engineering, and weaknesses in multisig governance, then introduced forged collateral assets and manipulated protocol parameters to drain a large amount of real assets from the protocol. 3:Step Finance, January 31, loss of approximately $40 million. The compromise of high-privilege devices and the treasury private key system resulted in significant asset losses. On February 24, the project announced it would cease operations. 4:Humanity Protocol, June 9, loss of approximately $31 million to $36 million. The root cause was improper management of private keys and multisig keys. After compromising critical devices, the attacker took over bridge administrative privileges and carried out fund transfers and abnormal minting across multiple chains. 5:Truebit, January 8, loss of approximately $26.6 million. The attacker exploited an integer overflow/pricing logic flaw in a legacy contract to mint a large amount of TRU at low cost and dump the tokens on the market, causing the token price to collapse rapidly. 6:Resolv Labs, March 22, loss of approximately $25 million. After obtaining high-privilege signing capabilities, the attacker exploited the lack of supply caps and ratio validation in the minting logic to mint approximately 80 million unbacked USR and cash them out. 7:SwapNet, January 25, loss of approximately $13.4 million. Its closed-source contract contained arbitrary-call / approval abuse risks. The attacker leveraged users' existing approved allowances to trigger malicious transferFrom calls and drained users' assets at scale. 8:Verus-Ethereum Bridge, May 18, loss of approximately $11.58 million. The cross-chain bridge failed to strictly verify whether the source-chain input amount matched the destination-chain release amount during the validation process. The attacker exploited this flaw to forge valid payloads and withdraw assets. 9:YieldBlox, February 22, loss of approximately $10.97 million. The attacker manipulated the price of USTRY in a low-liquidity market, causing the oracle to overestimate the collateral value, and then executed excessive borrowing from the Stellar lending pool. 10:THORChain, May 15, loss of approximately $10.7 million. A newly joined node operator exploited weaknesses in the GG20 threshold signature scheme, compromised a single vault, and withdrew assets across multiple chains, exposing the systemic risks of cross-chain signing infrastructure.
GoPlus Security 🚦 tweet media
English
1
2
10
4.1K
GoPlus Security 🚦
GoPlus Security 🚦@GoPlusSecurity·
🚨GoPlus Security Alert: A user lost $1M in USDT to phishing attackers after signing a malicious #Approve transaction. Victim address: 0x8C949361B49320C48a51F4B1C6f9f83862530F89 Phishing addresses: 0x6D8c070338eC3d297f1D0ECEEA296bd7E13a32b9 0xf84c62572eEaFC90C0BCE3Fb6c85bCB573E68d93 0xc508a8C01bc3835BE67e0e5554B7D91A1bb70Da1 🛡 Security Tips: 1. Follow the #GoPlus Anti-Phishing “4 Don’ts”: Don’t click unknown links, don’t install untrusted software, don’t sign suspicious transactions, don’t transfer funds to unverified addresses. 2. Install the GoPlus Security extension to block phishing links, risky signatures, approvals, and transactions 👉 chromewebstore.google.com/search/GoPlus
GoPlus Security 🚦 tweet media
English
0
3
22
6.2K
GoPlus Security 🚦
GoPlus Security 🚦@GoPlusSecurity·
😱Binance Alpha-listed project @TacBuild dropped 86% — but it was not hacked❓ Investigation found 18 suspected airdrop addresses (with no transaction history) that conducted large-scale cross-chain transfers of 716M $TAC and continued selling, generating approximately $1.975M in profits. This directly caused the $TAC price to drop 86%. These addresses still hold 172M TAC (worth $740K). The TAC team has not yet responded to this collapse incident. Not long ago, on May 14, the TAC-TON cross-chain bridge was attacked due to a lack of verification, resulting in a $2.86M loss. Following negotiations with the attacker, 90% of the funds were returned.
GoPlus Security 🚦 tweet media
English
1
0
13
7.2K
GoPlus Security 🚦
GoPlus Security 🚦@GoPlusSecurity·
Lean #Ethereum — Ethereum’s third major upgrade in history shows that #ETH is seriously rethinking its underlying technical architecture. Recursive STARKs, privacy, formal verification, and quantum security are finally being placed where they belong. However, the challenge is also clear: if new kinds of state are not handled properly, the improvements in scalability may come with increased complexity and security burdens shifted to the application and infrastructure layers. From a security perspective, we are particularly focused on the following points: 1. Whether new state types will introduce new composability risks. Changes in state type consistency, visibility, ordering semantics, and proof costs may lead to a new wave of security vulnerabilities and attack vectors in the future. How these risks can be identified, prevented, and mitigated as early as possible will be critical. 2. Preparation for post-quantum security. Three to four years may not be a long time for protocol evolution, but for cryptographic migration, it is definitely not a short window. Quantum security is not a “feature launch” problem, but a “full ecosystem coordinated migration” problem. The later the preparation begins, the greater the friction during future transitions. It is recommended to define compatible layers, transition layers, and replacement paths that can be implemented early. 3.Regarding the “new VM”, if Ethereum is truly going to be rebuilt around recursive proofs, verifiable execution, and stronger privacy capabilities in the future, relying solely on today’s EVM is clearly unrealistic. Introducing an execution model better suited for proof systems is a natural direction. But how should paths such as Cairo, RISC-V, and leanISA be chosen? We believe that an execution environment designed to be ZK/STARK-friendly is indeed more aligned with long-term development logic than continuing to build endless compatibility on top of existing abstractions. However, this cannot be evaluated solely from the perspective of “better performance”. Migration costs, developer learning curves, audit ecosystem maturity, and most importantly, the social acceptability of protocol governance must also be considered. The technically optimal solution is not necessarily the one that can be most easily adopted at the system evolution level.
vitalik.eth@VitalikButerin

Two weeks ago, Ethereum researchers met in Berlin to continue charting the protocol's long-term trajectory, following along discussions with client teams in Svalbard in April. The updated strawmap is at strawmap.org, and I attached a picture of it to this post. My own high-level takeaways: * "Lean Ethereum" is not a single one-shot upgrade, it is a collection of improvements that will come online to the Ethereum network over the course of three or four years. But make no mistake, this IS the third major iteration of Ethereum in the same way that the Merge was the second. Almost every major piece of the protocol will be replaced: - Verification through recursive STARKs, rather than direct re-execution. Recursive STARKs become an enshrined first-class core component of the protocol - Replacing everything quantum-vulnerable with quantum-safe alternatives - Consensus: decoupled available chain and finality, one or two-round finality. Theoretically optimal security properties, simpler than today, and faster than today - Multidimensional gas - State: not just tree structure, but what *types* of state are available - Changes to client architecture ... At the same time, simplification, cleanup and future-proofing. And this will all be done in a way that minimizes disruption to existing application. We've done this before (the Merge), we can do it again. * H-star (aka Hegota) is probably Ethereum's last thematically "pre-Lean" fork. Starting from I-star, most of everything we do will have a very strong "Lean" feel to it in one way or another. * Privacy is no longer an afterthought, it is a first class goal. When designing Frames, the mempool, additions to the state tree, we explicitly ask the question "okay, how do quantum-safe, intermediary-free privacy protocol transactions go through this, and what is the overhead?" * Formal verification of everything for security. * FV also makes us much more comfortable with canonicalization (having pieces of the protocol that are directly defined as a piece of bytecode expressed in some language). evm-asm is being written in part to become a canonical proof system for the EVM. * Quantum safety has shifted up a LOT in priority. This adds a lot of work (eg. finalizing a quantum-safe blobs design has become urgent; this work has already been ongoing for months) * Probably the single most disruptive part of the plan is the changes to state. There is growing consensus around leaving present-day-style "dynamic state" mostly unchanged, but scaling it only a medium amount, and adding new types of state that are more scalability-friendly (eg. no need for builders to sync/store all of it) but more restrictive, and that will scale a large amount. eg. possible Ethereum in 2030: 2 TB of present-day-style (dynamic) state, and 100 TB of new-style (scalable but restrictive) state This "new-style" state would work very well for ERC20s, NFTs, many defi use cases, but not eg. highly "central" objects like Uniswap contracts, or onchain order books, or other complex things (which are crucial for Ethereum but which only take up a small percentage of state) Hence, it will not be *necessary* to rewrite any apps, but it will be *very cost-effective* to eg. rewrite an ERC20 token into a newer design that uses a new type of UTXO storage that is currently being explored, so that it will have >10x lower txfees. Design of these new state types (current ideas: keyed nonces, ring buffers, UTXOs, statically accessible state, temp state) is an area where we will need a lot of feedback from application developers (incl. privacy-friendly application developers) and probably several rounds of rethinking and iteration. * In the context of a much larger total state size, we need to figure out the incentive issues around who stores this state and what motivates them to. Even saying "each node stores 1%" is not good enough - why do they store that 1% and why are they willing to serve it? This is being elevated as a first-class research area. * Ethereum will need to have a "VM" other than EVM in one form or another - at the very least, we need something like leanISA for recursive STARKs - and the gains are large in exposing it to users so that we support programmable privacy and better scalability. Right now, the most likely contenders are leanISA and RISC-V. My own ideal is that in this world, we adjust the protocol so that the EVM becomes a high-level-language compiler-level feature, and the protocol only "sees" RISC-V / leanISA directly. But this is still far away. * Gas limit increases, blob increases and slot time decreases will happen many times over the next ~5 years. We expect a large gas limit increase with Glasterdam. Each step of increased scale or decreased slot time is a matter of getting to the point where it is safe to do it, which comes from a combination of client optimization and protocol changes. Ethereum is CROPS. Ethereum is scaling. Ethereum is reinventing itself. Onward.

English
2
0
7
5.5K
GoPlus Security 🚦
GoPlus Security 🚦@GoPlusSecurity·
🧵2/2 ▪️Key Configuration: Quorum = 1%, Timelock = 0, Proposal Threshold = 100M BONK, Voting Power = Circulating BONK (not staked/locked), Treasury transfers can be executed directly via Realms. ▪️Proposer / Executor 8xxRdtzsw1CJWfEahViqNjZwh5dYJAdSbBctWwcbycVo ▪️Primary Voting Address CyEE7oHVDaFJ5xZLbXY3h2Z2uk1VwhTkdy72kPUEtypQ ▪️Timeline (UTC): • June 30 – The proposer created BIP #76, embedding the attack instruction (Send 4,426,104,450,305 BONK to 9bxWkNf3BtJ6iehq9KbX9uCWMjem4TFiPZ19T2sYJHvQ). After signing, the proposal entered the voting phase. • July 4–July 5 – The voting address purchased 882.3B BONK from exchanges. • July 5 – 882,285,249,588.801 BONK was locked into governance. • July 5 – The decisive YES vote was cast (only 7 votes in total): 882.38B YES vs. 710.85M NO from the community. • July 6 08:25:39 – Voting closed. • July 6 – The proposer finalized and executed the proposal; the attack transfer was initiated within one minute after voting ended. On July 6, the voting address withdrew its vote and unstaked 882,285,249,588.801 BONK. The actual attack consisted of a single transfer. After the proposal passed, 4,426,104,450,305.966 BONK was transferred from a BonkDAO-related address to the attacker's address 9bxWkNf3BtJ6iehq9KbX9uCWMjem4TFiPZ19T2sYJHvQ: solscan.io/tx/5tPU1srcRcn…
GoPlus Security 🚦 tweet media
English
0
0
1
911
GoPlus Security 🚦
GoPlus Security 🚦@GoPlusSecurity·
🧵1/2 🚨GoPlus Security Alert: #BONK Suffers Governance Attack, Resulting in a $20M Loss Bonk (@bonk_inu) was hit by a malicious governance proposal attack. A total of 4.426T $BONK held in the BonkDAO wallet was transferred to a malicious address (9bxWkNf3BtJ6iehq9KbX9uCWMjem4TFiPZ19T2sYJHvQ). The malicious proposal remained live for 6 full days without any effective intervention, ultimately resulting in a total loss of approximately $20 million. Attack proposal details: v2.realms.today/dao/84pGFuy1Y2…
GoPlus Security 🚦 tweet media
BONK!!!@bonk_inu

BonkDAO was the target of a malicious governance proposal resulting in an estimated $20M worth of BONK tokens being drained from the BonkDAO treasury. During the investigation, BonkDAO identified the exchange wallets used to purchase BONK ahead of the proposal. BonkDAO is currently actively working with exchanges, bridges and Solana Foundation to best manage the situation. Law enforcement has been notified. BonkDAO continues to work with relevant parties to recover funds and identify those responsible.

English
6
0
13
6.7K
GoPlus Security 🚦
GoPlus Security 🚦@GoPlusSecurity·
🚨 GoPlus Security Alert: DeFi @summerfinance_ has been exploited. The attacker manipulated liquidity via a flash loan, resulting in an estimated profit of $6 million. 
 Attacker Address:
0x7BF716167B48CF527725722C6d79494b45B3BDCa 
 Attack Contract:
0x0514F827C129C16418a0933E03C99A6AF982FC61 
 Affected Contract Addresses:
0x98C49e13bf99D7CAd8069faa2A370933EC9EcF17
0xE9cDA459bED6dcfb8AC61CD8cE08E2D52370cB06
0xA9ca4909700505585B1aD2a1579dA3b670FFA9c4 Attack Transaction: etherscan.io/tx/0x0db528c44…
GoPlus Security 🚦 tweet media
English
1
3
24
6.5K
GoPlus Security 🚦
GoPlus Security 🚦@GoPlusSecurity·
😱 How Did $2M End Up Swapped Into Just $14K? This was a real, highly imbalanced backrunner arbitrage, not a classic sandwich attack. Titan Builder captured the majority of the value from this incident, but not by "directly taking ETH from the victim's address." Instead, it was extracted by a searcher/backrunner. During the victim's transaction, the routing contract selected a low-liquidity AVAIL/WETH pool. Due to an oversight, the user purchased AVAIL at a severely inflated price, resulting in significant losses. Later in the same block, the backrunner sold a small amount of externally sourced AVAIL back into the pool, extracting approximately 1,072 WETH, and paid approximately 1,018 ETH to Titan Builder as a builder payment. The user ultimately spent approximately 1,126.4409 ETH but received only approximately 5,775.66 LIT: ▪︎ 1,116.8661 ETH -> 6,678,869.8333 AVAIL on Uniswap V3 ▪︎ 5,877,385.7340 AVAIL -> 14,508.015161 USDC on Uniswap V3 ▪︎ 14,508.015161 USDC -> 5,775.663051 LIT on Uniswap V4 The same-block arbitrage transaction first swapped 0.3942 WETH for 697.268911 USDT. It then obtained 2,154.1720 AVAIL. It then sold that small amount of AVAIL back into the AVAIL/WETH pool, extracting 1,072.4640 WETH. It subsequently transferred 1,018.2518 ETH directly to Titan Builder (0x4838b1). Root cause: When the victim bought AVAIL, the execution price was approximately 120× the price that could later be realized. This happened because the routing contract routed a large amount of WETH into a low-liquidity AVAIL/WETH pool, causing the victim to receive AVAIL executed at a severely inflated valuation before ultimately swapping it into LIT. Backrun arbitrage: After the victim's mistaken trade, the pool contained a large amount of newly added WETH and AVAIL whose price had been artificially inflated. The backrunner only needed to source a very small amount of AVAIL elsewhere at its true market price to extract the WETH from the pool. Based on the arbitrage transaction, the bot incurred a cost of only about 0.3942 WETH, yet extracted a net inflow of 1,072.0698 WETH. This is a textbook case of same-block backrun extraction.
GoPlus Security 🚦 tweet media
Lookonchain@lookonchain

Someone swapped 1,126.44 $ETH($2.01M) for only 5,776 $LIT($14,208), losing nearly $2M! 😱 debank.com/profile/0xff89…

English
4
1
16
7.3K
Custos
Custos@custos_labsxyz·
20.24M $GPS in prediction volume. 165.50% peak $GPS Rollocker APY. 🔥 Together with @GoPlusSecurity, Custos brings $GPS from Rollocker yield into live prediction markets in one seamless flow. ⭐️ Use $GPS on today’s prediction markets to get a +10% Winning Weight Boost ⤵️ dapp.custos.global/topic/world_cup
Custos tweet media
English
26
1
23
1.6K
GoPlus Security 🚦
GoPlus Security 🚦@GoPlusSecurity·
🚨 GoPlus Security Alert: Stablecoin privacy protocol @hinkal_protocol is suspected to have been exploited. The attacker stole $USDC from the Hinkal contract through prooflessDeposit() and multiple transact calls, with a total value of approximately $820,000. Attacker Address: 0xbB3f01a1b1C68F3DEB36C55342b5F5706c32fc20 Affected Contract Address: 0x25e5e82f5702A27C3466fE68f14abDbbAdFca826 Example Attack Transactions: etherscan.io/tx/0xbf7252af5… etherscan.io/tx/0x93aeb876e…
GoPlus Security 🚦 tweet media
Specter@SpecterAnalyst

@hinkal_protocol @turnkeyhq you may have been exploited for a loss of $822k Theft address: 0xbB3f01a1b1C68F3DEB36C55342b5F5706c32fc20 Stay Smart

English
1
7
32
9.7K
GoPlus Security 🚦
GoPlus Security 🚦@GoPlusSecurity·
🚨GoPlus Security Alert: The stock tokenization platform @edeldotfinance was attacked, resulting in a loss of approximately $403,000. The attacker used a flash loan to repeatedly supply and borrow, manipulating the xStocks exchange rate between wGOOGLx and GOOGLx, artificially inflating the collateral value of wGOOGLx. The attacker then borrowed additional assets from the protocol, including 384,215 USDC, 122.20 wSPYx, 62.97 wQQQx, 293.12 wMSTRx, 99.85 wNVDAx, and 37.59 wTSLAx. Finally, the attacker repaid the flash loan and profited approximately $305,000. Attacker address: 0x58428161bB55c14A413945f06cbDeC157F411C76 Attack contract addresses: 0x1f05c70db2ffa1b1bac62b27e7678b765ebe7167 0x8b2af1a9885e4755d22ce4a49f7a525a33f1c9e4 0xa65a2f97044f4398200e02ff9c88351cb7cc1500 Attack transaction: etherscan.io/tx/0xe2320086b…
GoPlus Security 🚦 tweet media
Edel Finance@edeldotfinance

An Update from the Edel Team Earlier today, Edel identified and contained an exploit affecting Edel Lending. The exploit involved manipulation of the wrapped xStocks exchange rate between wGOOGLx and GOOGLx, causing wGOOGLx collateral to be valued at approximately 78x its correct value. The attacker used that inflated collateral value to borrow from the protocol, creating approximately $403k in protocol bad debt. Immediately after detection, the Edel team paused all V1 contracts. Edel V1 remains paused, and users should not interact with the V1 deployment while protocol activity is suspended. The team has preserved the relevant protocol records and is using them to determine affected balances for restoration. No depositor will bear any loss from this incident. The Edel team will absorb the bad debt and restore affected depositor balances 1:1. Edel V2 is being deployed with a redesigned oracle architecture intended to prevent this class of exchange-rate manipulation. Once deployment and balance restoration are complete, restored balances will be available directly in the Edel application. We will share timing as soon as it is finalized. We have traced the attacker’s transactions and are coordinating with exchanges, ecosystem partners, and other relevant stakeholders. In parallel, we have extended a formal whitehat settlement offer to the responsible party, providing a defined window to return the remaining funds in exchange for an authorized security bounty. A full technical post-mortem will follow with the exploit path, root cause, and the changes introduced in Edel V2. This incident also reinforces the importance of EIP-01, which will introduce governance over protocol risk parameters, supported collateral, and future market configuration while preserving the team’s ability to respond immediately to security-critical events. Our immediate priorities are containment, user restoration, and transparent follow-up. We will continue updating users until affected balances have been restored in full. The Edel Team

English
2
2
27
8.1K
GoPlus Security 🚦
GoPlus Security 🚦@GoPlusSecurity·
⚽ Every attack has its own playbook. 🛡️ Our mission never changes. Before risk reaches you, #GoPlus makes the save. Your security goalkeeper. Clean Sheet for Your Security. 🥅
GoPlus Security 🚦 tweet media
English
0
0
5
3.6K
Custos
Custos@custos_labsxyz·
Two weeks. $105K+ in volume. 1,557 trades. $GPS and $FORM are doing the heavy lifting on Custos, together driving 85% of everything traded 👇 @GoPlusSecurity @fourdotmemezh your communities showed up 🤝
Custos tweet media
English
6
1
11
1.4K
GoPlus Security 🚦 retweetledi
Custos
Custos@custos_labsxyz·
⚡ Predict with $GPS, $LISTA & $PUFFER for a +8% Boost Token Boost Rotation 🔁 Matchdays 16–20 | Jun 26–30 ET @GoPlusSecurity, @lista_dao and @puffer_finance communities, take the field. ⭐Round 2: Star Round is next. When the Opening Round ends, Tokens Clash moves into the Round of 16 and Quarter-finals with a +10% Token Special Boost.
Custos tweet media
English
4
1
12
1.4K
GoPlus Security 🚦
GoPlus Security 🚦@GoPlusSecurity·
🧵3/3 ✅ Smart contracts related to recent vulnerability incidents have been updated to the GoPlus AI Auditing Benchmark (an AI smart contract auditing benchmark dataset grounded in real-world exploit events): github.com/GoPlusSecurity… ✅ DeepScan V1 is now live — welcome to try it: deepscan.gopluslabs.io
GoPlus Security 🚦 tweet media
English
0
0
2
760
GoPlus Security 🚦
GoPlus Security 🚦@GoPlusSecurity·
🧵2/3 👉27 minutes to detect the JoeAgentToken contract vulnerability
GoPlus Security 🚦 tweet mediaGoPlus Security 🚦 tweet media
English
1
0
1
924
GoPlus Security 🚦
GoPlus Security 🚦@GoPlusSecurity·
🧵1/3 🧯Old contract exploits keep happening — how should projects respond? Recently, smart contract vulnerability attacks have been occurring frequently. In particular, legacy contracts deployed years ago are being increasingly exploited as attackers leverage AI techniques to surface vulnerabilities, causing significant losses for both projects and users. ▪︎ On June 9, the Token of Power (TOP) contract on #ETH, deployed 7 years ago, was exploited, resulting in a loss of approximately $1.5 million; ▪︎ On May 25, the 3-year-old contract of WUSD.fi was attacked, causing a loss of around $200,000; ▪︎ On June 14 and June 18, @aztecnetwork was attacked twice consecutively, both due to a 2-year-old legacy contract being exploited, with total losses exceeding $4 million. To address this crisis, adopting AI-based continuous and always-on audit services may be the only effective path forward. AI audits can complete security checks on historical contracts in a short time, balancing reliability and cost-effectiveness, helping eliminate these hidden risks for projects and developers. GoPlus’ AI continuous audit platform DeepScan reviewed several recent legacy contract exploit incidents and found that DeepScan could detect the vulnerabilities within a very short time. Losses that could have been prevented were instead handed over to attackers — a truly unfortunate outcome. 👉12 minutes to detect the Token of Power (TOP) contract vulnerability
GoPlus Security 🚦 tweet mediaGoPlus Security 🚦 tweet mediaGoPlus Security 🚦 tweet media
English
4
1
11
6.2K