GoPlus Security 🚦 Re-poster

GoPlus Security Notification

We are issuing an alert regarding a wallet that had remained dormant for nearly five years before being compromised. The breach occurred after the user unknowingly signed a fraudulent increaseApproval transaction, allowing the attacker to extract QNT tokens with an approximate value of $66,000.

Please find the relevant on-chain data below.

Address of the victim:
0xD1ef3B639676013A26825b5bae38F7959c39c09E

Identified phishing addresses:
0xAfb2423F447D3e16931164C9970B9741aAb1723E
0xF06b3310486F872AB6808f6602aF65a0ef0F48f8

Transaction:

Wir möchten Ihre Aufmerksamkeit auf einen Sicherheitsvorfall im Zusammenhang mit ClawdBot Skills lenken, bei dem mehr als 230 bösartige Module eingeführt wurden, um Kryptowährungsbestände anzugreifen. Diese Kampagne richtet sich speziell an Funktionen, die mit Krypto-Handels, sozialen Tools und automatischen Updates zu tun haben, mit einem besonderen Fokus auf Nutzer von Polymarket und Bybit. Sobald sie aktiv sind, versuchen diese kompromittierten Elemente, hochsensible Informationen wie Passwörter, Wallet-Schlüssel und API-Schlüssel von Börsen sowie Cloud-Anmeldeinformationen und SSH-Schlüssel zu exfiltrieren.

Die Gefahr wird verstärkt, da diese Bedrohung weit verbreitet bleibt und mit einem hohen Maß an Heimlichkeit operiert, insbesondere gezielt auf Krypto-Nutzer und diejenigen, die frühe Anwender von KI-Technologie sind. Zu Ihrem Schutz ist es wichtig, sich daran zu erinnern, dass KI-Fähigkeiten nicht gleichbedeutend mit sicherem Code sind. Bitte stellen Sie sicher, dass Sie KI-Tools niemals vollen Zugriff gewähren oder ihnen Ihre privaten Schlüssel zur Verfügung stellen.

We are writing to notify the community that @StepFinance_ has recently been subjected to an exploit. During this security breach, unauthorized parties successfully unstaked and removed approximately 261,854 SOL, which holds a value of roughly $30M, from a compromised stake account. The specific transaction record detailing this attack can be found at https://t.co/VkOpogqJlF. The wallet address connected to the attacker is identified as LEP1uHXcWbFEPwQgkeFzdhW2ykgZY6e9Dz8Yro6SdNu, while the stake account affected by the breach is 6G53KAWtQnZSSN6HUxnBs3yYsK1aCuJRbrcPbWGY71LL.

GoPlus was honored to serve as a roundtable guest during the Rebel in Paradise AI Hackathon. Hosted by @monad and @OpenBuildxyz, this worldwide event explores the intersection of AI and Web3 technologies. During our session, we emphasized the importance of enhancing both the safety and the expansion of the Web3 landscape. To learn more about this initiative, please visit https://openbuild.xyz/event/ai-hackathon-monad

🚨 AI Security Alert: We are issuing a warning about new threats involving IDE plugins, Agent hijacking, and vulnerabilities found in workflow engines.

🧵

Please be advised of a major security incident impacting @ApertureFinance and @0xswapnet. Losses are estimated at ~$17M in user funds following an exploit. The perpetrators took advantage of an arbitrary call vulnerability within contracts that were neither open-sourced nor audited.

During late 2025, schemes involving crypto and WhatsApp drained €23M from consumers in Belgium. Please exercise caution, as these common fraud habits repeat constantly.

Thread 👇

🛡️ AI Security Alert: Emerging threats such as prompt injection and dev environment infiltration are on the rise.

Here is a breakdown of 3 recent high-risk traps and how to protect against them.

🚨 The DeFi asset management protocol Makina Finance (@makinafi) has been exploited, resulting in its DUSD/USDC #CurveStable pool suffering a loss of approximately $5.1M USDC. 💥💰

Relevant incident details are listed below:

Attacker address:
0x935bfb495E33f74d2E9735DF1DA66acE442ede48

Exploit transaction:
https://t.co/mLYZs3lVCA

Exploit contract:
0x454d03b2a1D52F5F7AabA8E352225335a1b724E8

Targeted contract:
0x32E616F4f17d43f9A5cd9Be0e294727187064cb3

Funds recipient:
0xa6c248384C5DDd934B83D0926D2E2A1dDF008387

⚠️ Address Poisoning Attack | User Lost Over $510,000

A user has unfortunately fallen victim to an address poisoning attack, inadvertently sending funds to a malicious address on two separate occasions. This error resulted in a total loss of $514,003 ($509,003 + $5,000 = $514,003).

The attacker had laid the groundwork for this scheme by planting small “poison” transactions 33 and 55 days prior, simply waiting for a single copy-paste mistake.

I was convinced I’d found a straightforward, profitable trade 💰
The initial numbers looked fantastic…

Then, the GoPlus extension alerted me: ⚠️ Low liquidity detected

That was a narrow escape… I nearly ended up as exit liquidity 😮‍💨

🚨 Major Incident Alert: We have observed that YO Protocol @yield recently executed a substantial swap involving ~$3.84M $stkGHO for $USDC.

Unfortunately, owing to a potential operational error or misconfiguration within an @Uniswap V4 liquidity pool, this transaction suffered from massive slippage. As a result, the swap yielded only ~$112k USDC, leading to a total loss of ~$3.7M which was captured by the LPs of that specific pool.

Loss tx: https://t.co/fSWW4llPGh

In the aftermath of this incident, the project’s multi-sig has taken action by repurchasing ~$3.71M worth of $GHO through CoWSwap. Additionally, they have redeemed and deposited an equivalent value of $stkGHO back into the treasury.

Recovery tx: https://t.co/DabGp9i8Ar

Furthermore, the team has broadcasted an on-chain message proposing a solution where LPs may retain 10% of the captured funds as a bug bounty, provided they collaborate to return the remainder.

On-chain msg tx: https://t.co/mEzDx79w8c

🔒 Security Recommendations:

**For traders:** When swapping large amounts, please ensure you employ price limits, slippage protection, MEV protection, and pool whitelisting.

**For Uniswap v4 participants:** It is crucial to assess Hook and liquidity risks to safeguard against "slippage bombs."

To Developers Who Have Not Yet Used an API Key: Full Upgrade Benefits for Token Security API

The Token Security API has achieved a major evolution! We are rolling out this important upgrade to ensure all developers enjoy more stable and powerful data services. Rest assured, all existing free services are fully retained, allowing you to unlock additional benefits at zero cost!

✅ **Exclusive benefits available upon registration:**
- A personal Exclusive API Key
- Higher call frequency limits
- Lower response latency

**The upgrade process requires only 2 steps (completed in 1 minute):**
1. Register a Dashboard account using your email: https://t.co/HqqEf0myW1
2. Directly obtain your exclusive API Key, which is effective immediately.

Web3 wird weiterhin von Hacks betroffen. Genug ist genug.

Welche wesentlichen Sicherheitstools fehlen uns noch?
Welche speziellen Schutzmaßnahmen benötigen Sie tatsächlich?

Teilen Sie Ihre Meinung mit #GoPlus in den Kommentaren oder DMs.

💰 $100 Belohnung, wenn Ihre Idee umgesetzt wird.

🛡 AI Security Alert: Significant Risks in AI Coding Supply Chains & Prompt Theft

**🚨 Trap #1: Malicious Chrome Extensions Targeting AI Chats**
Two fraudulent extensions have unfortunately compromised over 900,000 users. The affected tools are:
• “Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI” (600K+ users)
• “AI Sidebar with DeepSeek, ChatGPT, Claude, and more.” (300K+ users)

⛔️ **The Risk:** Every 30 minutes, these tools exfiltrate full ChatGPT / DeepSeek conversation histories and all browser tab URLs directly to servers controlled by attackers.
🎯 **Threats:** Corporate espionage, phishing, and social engineering.
✅ **Action:** Uninstall any unverified extensions immediately.
🔗 Details: https://t.co/IpoUYToZtd

**🚨 Trap #2: Critical n8n RCE Vulnerability**
A severe vulnerability, identified as CVE-2025-68668, is currently affecting n8n versions v1.0.0 through <2.0.0. This flaw permits attackers to execute arbitrary system commands utilizing n8n privileges.

🎯 **Threats:** 0-day exploitation, data leaks, and full server compromise.
✅ **Action:** Upgrade to n8n v2.0.0 immediately.
🔗 Details: https://t.co/1lyoHmGsxQ

**🚨 Trap #3: Supply Chain Attacks in AI Coding**
AI-enabled IDEs such as Cursor, Windsurf, Google Antigravity, and Trae may inadvertently recommend OpenVSX extensions that do not exist. Attackers can hijack these names to publish malicious look-alike plugins (e.g., fake PostgreSQL extensions).

🎯 **Threats:** Developer compromise, backdoors, and credential theft.
✅ **Action:** Always verify extension publishers and sources.
🔗 Details: https://t.co/ga35mNVc5h

**🔐 Recommended AI Security Best Practices**
• Use official channels only for tools & extensions.
• Patch and update software regularly.
• Treat AI prompts & outputs with the same care as sensitive data.
• If something looks suspicious — stop operations immediately.

⚠️ AI boosts productivity, but insecure AI tooling carries significant risks. Please stay vigilant.

1/ 🚨 Important Alert! As we step into 2026, there is a notable increase in Web3 phishing scams—it's crucial to remain vigilant regarding the security of your assets!

Trap #1: Phishing emails that closely mimic legitimate sources are particularly dangerous.

Cybercriminals are masquerading as reputable projects like MetaMask and Coinbase, dispatching phishing emails that claim to be related to security updates, 2FA verification, unusual login notifications, or compliance with regulations, all with the objective of obtaining your seed phrase or private keys.

⚠️ Caution: Exercise extreme care with any request prompting you to provide your seed phrase or private key—this is likely a scam 👇

January 3rd marks the inception of a revolutionary journey. 🧡

In 2009, Satoshi Nakamoto successfully mined the Genesis Block of Bitcoin, incorporating a message that questioned the traditional financial systems ⛓️

At #GoPlus, we commemorate this pivotal moment while diligently working to uphold the trustless future it has sparked. 🛡

🎉 Wishing everyone a joyful New Year from the #GoPlus team! 🎊

🔐 As we enter 2026, we extend our heartfelt wishes for your success, prosperity, and, above all, the safety of your crypto assets. Let’s collaborate to create a more secure Web3 environment together.

Stay safe. Stay secure. 💚

🗞️ BREAKING NEWS! GET THE LATEST UPDATES!

#GoPlus Security Sentinel Times brings you the headlines:

💰 A staggering $3.5 BILLION was misappropriated in 2025
🔑 Over 300 instances of private key theft
🎣 More than 400 phishing incidents recorded
🪙 Meme coins suffer the greatest impact

Your trusted source for cryptocurrency security news has arrived! 📰