GoPlus Security 🚦 Re-poster
Protect Your Every Transaction.
User App: https://t.co/FHHKZyzH1j 🛡️
Dev Integration: Security Intelligence & SafeToken Protocol 🛡️
0 Seguiti
9 Follower
4 Mi piace
0 Condivisioni
Post
Tutti
Video
Notifica di Sicurezza GoPlus
Stiamo emettendo un avviso riguardo a un portafoglio che era rimasto inattivo per quasi cinque anni prima di essere compromesso. La violazione è avvenuta dopo che l'utente ha firmato inconsapevolmente una transazione fraudolenta di increaseApproval, consentendo all'attaccante di estrarre token QNT con un valore approssimativo di $66.000.
Si prega di trovare i dati on-chain pertinenti di seguito.
Indirizzo della vittima:
0xD1ef3B639676013A26825b5bae38F7959c39c09E
Indirizzi di phishing identificati:
0xAfb2423F447D3e16931164C9970B9741aAb1723E
0xF06b3310486F872AB6808f6602aF65a0ef0F48f8
Transazione:
Stiamo emettendo un avviso riguardo a un portafoglio che era rimasto inattivo per quasi cinque anni prima di essere compromesso. La violazione è avvenuta dopo che l'utente ha firmato inconsapevolmente una transazione fraudolenta di increaseApproval, consentendo all'attaccante di estrarre token QNT con un valore approssimativo di $66.000.
Si prega di trovare i dati on-chain pertinenti di seguito.
Indirizzo della vittima:
0xD1ef3B639676013A26825b5bae38F7959c39c09E
Indirizzi di phishing identificati:
0xAfb2423F447D3e16931164C9970B9741aAb1723E
0xF06b3310486F872AB6808f6602aF65a0ef0F48f8
Transazione:
We want to bring your attention to a security breach involving ClawdBot Skills, where more than 230 malicious modules have been introduced to target cryptocurrency holdings. This campaign specifically aims at functions related to crypto trades, social tools, and auto-updates, with a particular focus on users of Polymarket and Bybit. Once active, these compromised elements attempt to exfiltrate highly sensitive information, such as passwords, wallet keys, and exchange API keys, in addition to cloud credentials and SSH keys.
The danger is amplified because this threat remains widely available and operates with a high degree of stealth, specifically preying on crypto users and those who are early adopters of AI technology. For your protection, it is vital to remember that AI Skills are not synonymous with secure code. Please ensure you never grant AI tools full access or provide them with your private keys.
The danger is amplified because this threat remains widely available and operates with a high degree of stealth, specifically preying on crypto users and those who are early adopters of AI technology. For your protection, it is vital to remember that AI Skills are not synonymous with secure code. Please ensure you never grant AI tools full access or provide them with your private keys.
We are writing to notify the community that @StepFinance_ has recently been subjected to an exploit. During this security breach, unauthorized parties successfully unstaked and removed approximately 261,854 SOL, which holds a value of roughly $30M, from a compromised stake account. The specific transaction record detailing this attack can be found at https://t.co/VkOpogqJlF. The wallet address connected to the attacker is identified as LEP1uHXcWbFEPwQgkeFzdhW2ykgZY6e9Dz8Yro6SdNu, while the stake account affected by the breach is 6G53KAWtQnZSSN6HUxnBs3yYsK1aCuJRbrcPbWGY71LL.
GoPlus was honored to serve as a roundtable guest during the Rebel in Paradise AI Hackathon. Hosted by @monad and @OpenBuildxyz, this worldwide event explores the intersection of AI and Web3 technologies. During our session, we emphasized the importance of enhancing both the safety and the expansion of the Web3 landscape. To learn more about this initiative, please visit https://openbuild.xyz/event/ai-hackathon-monad
🚨 AI Security Alert: We are issuing a warning about new threats involving IDE plugins, Agent hijacking, and vulnerabilities found in workflow engines.
🧵
🧵
Please be advised of a major security incident impacting @ApertureFinance and @0xswapnet. Losses are estimated at ~$17M in user funds following an exploit. The perpetrators took advantage of an arbitrary call vulnerability within contracts that were neither open-sourced nor audited.
During late 2025, schemes involving crypto and WhatsApp drained €23M from consumers in Belgium. Please exercise caution, as these common fraud habits repeat constantly.
Thread 👇
Thread 👇
🛡️ AI Security Alert: Emerging threats such as prompt injection and dev environment infiltration are on the rise.
Here is a breakdown of 3 recent high-risk traps and how to protect against them.
Here is a breakdown of 3 recent high-risk traps and how to protect against them.
🚨 The DeFi asset management protocol Makina Finance (@makinafi) has been exploited, resulting in its DUSD/USDC #CurveStable pool suffering a loss of approximately $5.1M USDC. 💥💰
Relevant incident details are listed below:
Attacker address:
0x935bfb495E33f74d2E9735DF1DA66acE442ede48
Exploit transaction:
https://t.co/mLYZs3lVCA
Exploit contract:
0x454d03b2a1D52F5F7AabA8E352225335a1b724E8
Targeted contract:
0x32E616F4f17d43f9A5cd9Be0e294727187064cb3
Funds recipient:
0xa6c248384C5DDd934B83D0926D2E2A1dDF008387
Relevant incident details are listed below:
Attacker address:
0x935bfb495E33f74d2E9735DF1DA66acE442ede48
Exploit transaction:
https://t.co/mLYZs3lVCA
Exploit contract:
0x454d03b2a1D52F5F7AabA8E352225335a1b724E8
Targeted contract:
0x32E616F4f17d43f9A5cd9Be0e294727187064cb3
Funds recipient:
0xa6c248384C5DDd934B83D0926D2E2A1dDF008387
⚠️ Address Poisoning Attack | User Lost Over $510,000
A user has unfortunately fallen victim to an address poisoning attack, inadvertently sending funds to a malicious address on two separate occasions. This error resulted in a total loss of $514,003 ($509,003 + $5,000 = $514,003).
The attacker had laid the groundwork for this scheme by planting small “poison” transactions 33 and 55 days prior, simply waiting for a single copy-paste mistake.
A user has unfortunately fallen victim to an address poisoning attack, inadvertently sending funds to a malicious address on two separate occasions. This error resulted in a total loss of $514,003 ($509,003 + $5,000 = $514,003).
The attacker had laid the groundwork for this scheme by planting small “poison” transactions 33 and 55 days prior, simply waiting for a single copy-paste mistake.
I was convinced I’d found a straightforward, profitable trade 💰
The initial numbers looked fantastic…
Then, the GoPlus extension alerted me: ⚠️ Low liquidity detected
That was a narrow escape… I nearly ended up as exit liquidity 😮💨
The initial numbers looked fantastic…
Then, the GoPlus extension alerted me: ⚠️ Low liquidity detected
That was a narrow escape… I nearly ended up as exit liquidity 😮💨
🚨 Major Incident Alert: We have observed that YO Protocol @yield recently executed a substantial swap involving ~$3.84M $stkGHO for $USDC.
Unfortunately, owing to a potential operational error or misconfiguration within an @Uniswap V4 liquidity pool, this transaction suffered from massive slippage. As a result, the swap yielded only ~$112k USDC, leading to a total loss of ~$3.7M which was captured by the LPs of that specific pool.
Loss tx: https://t.co/fSWW4llPGh
In the aftermath of this incident, the project’s multi-sig has taken action by repurchasing ~$3.71M worth of $GHO through CoWSwap. Additionally, they have redeemed and deposited an equivalent value of $stkGHO back into the treasury.
Recovery tx: https://t.co/DabGp9i8Ar
Furthermore, the team has broadcasted an on-chain message proposing a solution where LPs may retain 10% of the captured funds as a bug bounty, provided they collaborate to return the remainder.
On-chain msg tx: https://t.co/mEzDx79w8c
🔒 Security Recommendations:
**For traders:** When swapping large amounts, please ensure you employ price limits, slippage protection, MEV protection, and pool whitelisting.
**For Uniswap v4 participants:** It is crucial to assess Hook and liquidity risks to safeguard against "slippage bombs."
Unfortunately, owing to a potential operational error or misconfiguration within an @Uniswap V4 liquidity pool, this transaction suffered from massive slippage. As a result, the swap yielded only ~$112k USDC, leading to a total loss of ~$3.7M which was captured by the LPs of that specific pool.
Loss tx: https://t.co/fSWW4llPGh
In the aftermath of this incident, the project’s multi-sig has taken action by repurchasing ~$3.71M worth of $GHO through CoWSwap. Additionally, they have redeemed and deposited an equivalent value of $stkGHO back into the treasury.
Recovery tx: https://t.co/DabGp9i8Ar
Furthermore, the team has broadcasted an on-chain message proposing a solution where LPs may retain 10% of the captured funds as a bug bounty, provided they collaborate to return the remainder.
On-chain msg tx: https://t.co/mEzDx79w8c
🔒 Security Recommendations:
**For traders:** When swapping large amounts, please ensure you employ price limits, slippage protection, MEV protection, and pool whitelisting.
**For Uniswap v4 participants:** It is crucial to assess Hook and liquidity risks to safeguard against "slippage bombs."
To Developers Who Have Not Yet Used an API Key: Full Upgrade Benefits for Token Security API
The Token Security API has achieved a major evolution! We are rolling out this important upgrade to ensure all developers enjoy more stable and powerful data services. Rest assured, all existing free services are fully retained, allowing you to unlock additional benefits at zero cost!
✅ **Exclusive benefits available upon registration:**
- A personal Exclusive API Key
- Higher call frequency limits
- Lower response latency
**The upgrade process requires only 2 steps (completed in 1 minute):**
1. Register a Dashboard account using your email: https://t.co/HqqEf0myW1
2. Directly obtain your exclusive API Key, which is effective immediately.
The Token Security API has achieved a major evolution! We are rolling out this important upgrade to ensure all developers enjoy more stable and powerful data services. Rest assured, all existing free services are fully retained, allowing you to unlock additional benefits at zero cost!
✅ **Exclusive benefits available upon registration:**
- A personal Exclusive API Key
- Higher call frequency limits
- Lower response latency
**The upgrade process requires only 2 steps (completed in 1 minute):**
1. Register a Dashboard account using your email: https://t.co/HqqEf0myW1
2. Directly obtain your exclusive API Key, which is effective immediately.
Web3 continua a subire attacchi. Basta così.
Quali strumenti di sicurezza essenziali ci mancano ancora?
Quali protezioni specifiche ti servono realmente?
Condividi il tuo contributo con #GoPlus nei commenti o nei DM.
💰 $100 di ricompensa se la tua idea viene realizzata.
Quali strumenti di sicurezza essenziali ci mancano ancora?
Quali protezioni specifiche ti servono realmente?
Condividi il tuo contributo con #GoPlus nei commenti o nei DM.
💰 $100 di ricompensa se la tua idea viene realizzata.
🛡 AI Security Alert: Significant Risks in AI Coding Supply Chains & Prompt Theft
**🚨 Trap #1: Malicious Chrome Extensions Targeting AI Chats**
Two fraudulent extensions have unfortunately compromised over 900,000 users. The affected tools are:
• “Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI” (600K+ users)
• “AI Sidebar with DeepSeek, ChatGPT, Claude, and more.” (300K+ users)
⛔️ **The Risk:** Every 30 minutes, these tools exfiltrate full ChatGPT / DeepSeek conversation histories and all browser tab URLs directly to servers controlled by attackers.
🎯 **Threats:** Corporate espionage, phishing, and social engineering.
✅ **Action:** Uninstall any unverified extensions immediately.
🔗 Details: https://t.co/IpoUYToZtd
**🚨 Trap #2: Critical n8n RCE Vulnerability**
A severe vulnerability, identified as CVE-2025-68668, is currently affecting n8n versions v1.0.0 through <2.0.0. This flaw permits attackers to execute arbitrary system commands utilizing n8n privileges.
🎯 **Threats:** 0-day exploitation, data leaks, and full server compromise.
✅ **Action:** Upgrade to n8n v2.0.0 immediately.
🔗 Details: https://t.co/1lyoHmGsxQ
**🚨 Trap #3: Supply Chain Attacks in AI Coding**
AI-enabled IDEs such as Cursor, Windsurf, Google Antigravity, and Trae may inadvertently recommend OpenVSX extensions that do not exist. Attackers can hijack these names to publish malicious look-alike plugins (e.g., fake PostgreSQL extensions).
🎯 **Threats:** Developer compromise, backdoors, and credential theft.
✅ **Action:** Always verify extension publishers and sources.
🔗 Details: https://t.co/ga35mNVc5h
**🔐 Recommended AI Security Best Practices**
• Use official channels only for tools & extensions.
• Patch and update software regularly.
• Treat AI prompts & outputs with the same care as sensitive data.
• If something looks suspicious — stop operations immediately.
⚠️ AI boosts productivity, but insecure AI tooling carries significant risks. Please stay vigilant.
**🚨 Trap #1: Malicious Chrome Extensions Targeting AI Chats**
Two fraudulent extensions have unfortunately compromised over 900,000 users. The affected tools are:
• “Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI” (600K+ users)
• “AI Sidebar with DeepSeek, ChatGPT, Claude, and more.” (300K+ users)
⛔️ **The Risk:** Every 30 minutes, these tools exfiltrate full ChatGPT / DeepSeek conversation histories and all browser tab URLs directly to servers controlled by attackers.
🎯 **Threats:** Corporate espionage, phishing, and social engineering.
✅ **Action:** Uninstall any unverified extensions immediately.
🔗 Details: https://t.co/IpoUYToZtd
**🚨 Trap #2: Critical n8n RCE Vulnerability**
A severe vulnerability, identified as CVE-2025-68668, is currently affecting n8n versions v1.0.0 through <2.0.0. This flaw permits attackers to execute arbitrary system commands utilizing n8n privileges.
🎯 **Threats:** 0-day exploitation, data leaks, and full server compromise.
✅ **Action:** Upgrade to n8n v2.0.0 immediately.
🔗 Details: https://t.co/1lyoHmGsxQ
**🚨 Trap #3: Supply Chain Attacks in AI Coding**
AI-enabled IDEs such as Cursor, Windsurf, Google Antigravity, and Trae may inadvertently recommend OpenVSX extensions that do not exist. Attackers can hijack these names to publish malicious look-alike plugins (e.g., fake PostgreSQL extensions).
🎯 **Threats:** Developer compromise, backdoors, and credential theft.
✅ **Action:** Always verify extension publishers and sources.
🔗 Details: https://t.co/ga35mNVc5h
**🔐 Recommended AI Security Best Practices**
• Use official channels only for tools & extensions.
• Patch and update software regularly.
• Treat AI prompts & outputs with the same care as sensitive data.
• If something looks suspicious — stop operations immediately.
⚠️ AI boosts productivity, but insecure AI tooling carries significant risks. Please stay vigilant.
🚦 Before placing a bet on @Polymarket, do you truly know which markets are traps and whether there are transaction risks involved?
GoPlus officially launches a new browser plugin feature: GoPredict.
👉 On the Polymarket timeline list, every market is automatically labeled with a risk level.
Watch the demo to see how GoPlus helps you navigate prediction markets.
GoPlus officially launches a new browser plugin feature: GoPredict.
👉 On the Polymarket timeline list, every market is automatically labeled with a risk level.
Watch the demo to see how GoPlus helps you navigate prediction markets.
1/ 🚨 Important Alert! As we step into 2026, there is a notable increase in Web3 phishing scams—it's crucial to remain vigilant regarding the security of your assets!
Trap #1: Phishing emails that closely mimic legitimate sources are particularly dangerous.
Cybercriminals are masquerading as reputable projects like MetaMask and Coinbase, dispatching phishing emails that claim to be related to security updates, 2FA verification, unusual login notifications, or compliance with regulations, all with the objective of obtaining your seed phrase or private keys.
⚠️ Caution: Exercise extreme care with any request prompting you to provide your seed phrase or private key—this is likely a scam 👇
Trap #1: Phishing emails that closely mimic legitimate sources are particularly dangerous.
Cybercriminals are masquerading as reputable projects like MetaMask and Coinbase, dispatching phishing emails that claim to be related to security updates, 2FA verification, unusual login notifications, or compliance with regulations, all with the objective of obtaining your seed phrase or private keys.
⚠️ Caution: Exercise extreme care with any request prompting you to provide your seed phrase or private key—this is likely a scam 👇
January 3rd marks the inception of a revolutionary journey. 🧡
In 2009, Satoshi Nakamoto successfully mined the Genesis Block of Bitcoin, incorporating a message that questioned the traditional financial systems ⛓️
At #GoPlus, we commemorate this pivotal moment while diligently working to uphold the trustless future it has sparked. 🛡
In 2009, Satoshi Nakamoto successfully mined the Genesis Block of Bitcoin, incorporating a message that questioned the traditional financial systems ⛓️
At #GoPlus, we commemorate this pivotal moment while diligently working to uphold the trustless future it has sparked. 🛡
🎉 Wishing everyone a joyful New Year from the #GoPlus team! 🎊
🔐 As we enter 2026, we extend our heartfelt wishes for your success, prosperity, and, above all, the safety of your crypto assets. Let’s collaborate to create a more secure Web3 environment together.
Stay safe. Stay secure. 💚
🔐 As we enter 2026, we extend our heartfelt wishes for your success, prosperity, and, above all, the safety of your crypto assets. Let’s collaborate to create a more secure Web3 environment together.
Stay safe. Stay secure. 💚
🗞️ BREAKING NEWS! GET THE LATEST UPDATES!
#GoPlus Security Sentinel Times brings you the headlines:
💰 A staggering $3.5 BILLION was misappropriated in 2025
🔑 Over 300 instances of private key theft
🎣 More than 400 phishing incidents recorded
🪙 Meme coins suffer the greatest impact
Your trusted source for cryptocurrency security news has arrived! 📰
#GoPlus Security Sentinel Times brings you the headlines:
💰 A staggering $3.5 BILLION was misappropriated in 2025
🔑 Over 300 instances of private key theft
🎣 More than 400 phishing incidents recorded
🪙 Meme coins suffer the greatest impact
Your trusted source for cryptocurrency security news has arrived! 📰
Accedi per esplorare altri contenuti