Sirk

🆕 GoPlus GoPredict Plugin Update Prediction markets are growing fast — but two long-standing issues remain: 1️⃣ Outcomes can be manipulated Some markets rely on announcements from a single entity, making risks hard to identify in advance. 2️⃣ Rules are complex and misleading Settlement rules can be long, vague, or hide key conditions. 👉To address this, GoPredict introduces three new features: 🔴 Manipulation Risk Analysis Detects whether a market outcome could be controlled by a single entity. 📜 Rule Risk Alerts AI scans market rules to surface hidden clauses, subjective definitions, and unusual settlement conditions. 💡 Plain-Language Tag Explanations Complex indicators like liquidity and market imbalance are translated into simple explanations. GoPredict is bringing to prediction markets: - More transparent rules. - Clearer risks. - Safer decisions. Install the #GoPlus plugin and try GoPredict 👇 chromewebstore.google.com/search/GoPlus

1/ ⚠️ Vulnerability Analysis: Suspicious $50.4M Loss Case A user swapped 50.4M USDT for AAVE on #AAVE, but only received 327 AAVE (~$35.9K), resulting in a loss of about $50.3M. The root cause lies in how the transaction was settled. At the protocol level, @aave executed settlement through the settle function in the CoWSwap Protocol GPv2Settlement contract. During the process: The smart contract first swapped 50.4M USDT → 17,957 WETH Then swapped WETH → AAVE However, during the second swap, the SLP (SushiSwap LP) WETH/AAVE pool used had extremely low liquidity, containing only 17.65 WETH + 331.63 AAVE. As a result, the victim’s 17,957 WETH could only be exchanged for ~331 AAVE. Security Issues: • The CoW Protocol settle mechanism claims to choose the optimal on-chain route, but in this case it clearly did not. Instead, it routed the trade through a pool with severely insufficient liquidity, exposing clear business logic flaws and potential manipulation risks. • Even more suspicious: this SLP pool was deployed by AAVE itself more than 5 years ago, and the liquidity source traces back to Tornado Cash. • The AAVE frontend also lacked adequate safety protections in this scenario. Trades that could lead to over 90% loss should be automatically rejected, rather than showing a vague warning prompt. In reality, even a 50% loss would be unacceptable in most situations. Platforms should block such trades outright or require manual approval through a support process.

🚨 GoPlus Security Alert: A user lost approximately $53K worth of PAXG after signing a malicious #Approve transaction, allowing the phishing attacker to transfer the funds. Victim Address: 0x073B9767C6cC34E289692B973Da6b2312562eC0C Phishing Addresses: 0xAfb2423F447D3e16931164C9970B9741aAb1723E 0x6fE314fD4CF845f35fc461eD98e2FB8d9356B566 0xf1A50bbebA19a85dB20432c6c201aa89604dfd2B 0x1b4e4AC5f5E2eDf843F79123c52C3a2589AC1589 🛡 Security Tip: 1. Follow the #GoPlus Anti-Phishing “4 Don’ts” — Don’t click, don’t install, don’t sign, don’t transfer. 2.Install the GoPlus Security plugin to block phishing links, risky signatures, approvals, and transactions in real time 👉 chromewebstore.google.com/search/GoPlus

🚨GoPlus Security Alert: Beware of malicious installers disguised as the top Google Search result/ad for Claude Code Attackers are using Google Search ads to promote malware that is a pixel-perfect clone of the official #ClaudeCode installation page. Once installed, the malware can steal user passwords, cookies, session tokens, crypto wallets, credentials, and system information. 🛡️ #GoPlus Security Tips: 1. Check whether it’s an ad and verify the website Pay attention to whether the search result is marked as “Ad,” and carefully inspect the URL for subtle differences from the official site. 2.Verify through multiple channels Do not rely on a single search result. Confirm installation methods through official documentation, official social media accounts, GitHub repositories, and other trusted channels. 3. Be cautious with unfamiliar commands Do not run commands you do not recognize. Before executing them, understand what they actually do. 4. Install the GoPlus security plugin / Skill Real-time protection against phishing links, risky signatures, approvals, and transactions 👉 chromewebstore.google.com/search/GoPlus Dual-layer protection that automatically blocks dangerous commands and sensitive file writes 👉 github.com/GoPlusSecurity…

🚨 GoPlus Security Alert: Beware of Social Engineering Phishing Attacks Targeting High-Value Signal Users Phishing Tactics: 1. Fake “Official Bot” Attackers impersonate a non-existent “Signal Support Bot”, falsely claiming that the victim’s account is at risk and tricking users into sending their SMS verification code or Signal PIN. 2.Abuse of “Linked Devices” Attackers send fake group invitation or contact request QR codes to lure victims into scanning them. Once scanned, the attacker’s device becomes linked to the victim’s account, enabling synchronized monitoring of messages. This social engineering campaign is highly targeted, mainly focusing on government officials, military personnel, and journalists. The Dutch intelligence agencies AIVD/MIVD indicated that the activity may be linked to a state-sponsored hacking group. 📌 Remember the #GoPlus Anti-Phishing “Four Don’ts” — Don’t Click, Don’t Install, Don’t Sign, Don’t Transfer: Do not click unknown links, install software from untrusted sources, sign unknown wallet transactions, or transfer funds to unverified addresses.

🎉 GoPlus Security Plugin Giveaway — Winners Announced The #GoPlus Security Plugin Giveaway has ended. Thanks to everyone who participated and installed the GoPlus plugin 💚 After reviewing all valid entries, the winners are: 🏆 5U Winners (20) @tien5436 @BenjaminLin7 @dhanic95 @LucasTrana @demo2nzjub @dialanktom @WongsoBond11105 @xyzjellalz @0xazarr @0xaninda @zefisdom @mashagaIkanova @DiantoW4hyu @GGBond_0826 @thuanGouti @Eououo @mot1lanthoi @Crypto_Moon_88 @kushwallet @aurel_nurfaizah 🎁 Gift Box Winners (3) @mFIENNN @OwO_Twinkle @89eightcc 💰 Rewards • 5U rewards will be distributed within 72 hours to the wallet used to log in to the GoPlus plugin. • Gift box winners will be contacted via DM for shipping details. Thanks for your support! Stay tuned for more from #GoPlus 🛡️