GoPlus Security 🚦 (@GoPlusSecurity) / X

GoPlus Security 🚦

3,648 posts

GoPlus Security 🚦

@GoPlusSecurity

Protect Your Every Transaction. User App: chromewebstore.google.com/search/GoPlus 🛡️ Dev Integration: Security Intelligence & SafeToken Protocol 🛡️

On-Chain

Joined May 2021

GoPlus Security 🚦
@GoPlusSecurity
14h
🧵1/4 ⚠️ Vulnerability Analysis: Breakdown of the Taiko Exploit on Ethereum L2 The vault contract of @taikoxyz on #ETH was exploited, resulting in losses exceeding $1.7 million. 🔍 Attack Flow Analysis: In the attack transaction below, the attacker registered two malicious SGX
Taiko.eth 🥁
@taikoxyz
Jun 22
⚠️ Security Notice 1/2: We have confirmed a compromise of Taiko’s chain state verification mechanism. As a result, the security assumptions of all bridges deployed on Taiko can no longer be relied upon. We are actively coordinating with the Security Council and ecosystem
8.3K
GoPlus Security 🚦
@GoPlusSecurity
14h
Replying to @GoPlusSecurity
🧵3/4 Finally, based on the Merkle tree of the forged block, the attacker forged a bridge message to execute direct transfers, ultimately stealing assets from the bridge vault. etherscan.io/tx/0xb8befb015…
499
GoPlus Security 🚦
@GoPlusSecurity
14h
🧵4/4 📌 Additional Information Attacker Addresses: 0x7506DeA0c38ca0B55364B22424374c5A1ae1B76a 0xA98035081fB739EbE9C8f80904668fb11438a846 0x4777A54Ff81357c966d7D98eEa88f0F54d969135 0x292468E78605Eca39071165B5EAc4c9707BA9813 Attacker Contract:
Ethereum Transaction Hash: 0x2f44dc1b88... | Etherscan
From etherscan.io
273
GoPlus Security 🚦 reposted
Custos
@custos_labsxyz
Jun 21
⚡Predict with $GPS, $LISTA & $PUFFER for a +8% Boost Token Boost Rotation | Matchdays 9–13 🔁 Jun 19–23 ET | Jun 20–24 UTC+8 Predict ➡️ dapp.custos.global/topic/world_cup Use $GPS, $LISTA, or $PUFFER to get +8% Winning Weight for the same value ($) in Tokens Clash. All supported tokens
2.9K
GoPlus Security 🚦
@GoPlusSecurity
Jun 21
🧵1/5 GoPlus Security Alert: Prominent #ETH MEV Bot #JaredFromSubway Loses Approximately $15 Million in a "MEV Honeypot Attack" This attack was neither a traditional phishing scam nor a smart contract code vulnerability. Instead, it was a "honeypot trap" specifically designed to
Aggr News
@AggrNews
Jun 20
FAMOUS MEV BOT "JAREDFROMSUBWAY" APPEARS TO HAVE BEEN EXPLOITED FOR OVER $15M: ONCHAIN
etherscan.io
Address: 0x81F248Ff...66de40091 | Etherscan
Contract: Unverified | Balance: $0 across 0 Chain | Transactions: 139 | As at Jun-21-2026 06:19:46 AM (UTC)
5.6K
GoPlus Security 🚦
@GoPlusSecurity
Jun 21
Replying to @GoPlusSecurity
🧵4/5 wrap() / wrapTo(): Immediately consume the allowance granted by the caller to this contract (small-scale test). withdraw(address): Later drain the allowance that was previously left behind (large-scale theft).
453
GoPlus Security 🚦
@GoPlusSecurity
Jun 21
🧵5/5 Additional Information Approval Sample Transaction: 0x85609286d68bd47065772c21fd9542c4343348ff8c7c2e6d63d0692be5781915 Sweep Transaction: 0x2be8704f5a59b69e0b71f64aefdb99eb0e8ae9fb3926147c581910d71bcf3e65 Attacker Spender: 0x4ee0b6e9f9c4886beeef2ebd7fc27223169531ce
429
GoPlus Security 🚦
@GoPlusSecurity
Jun 21
🧵1/3 ⚠️ Vulnerability Analysis: Analysis of the @BnbLabubu Exploit On June 20, DeFi game @BnbLabubu was exploited due to a vulnerability in the OLPCToken contract (0x58815C), resulting in approximately $1.115 million in losses. 🔍 Vulnerability Mechanism Analysis: A
7.8K
GoPlus Security 🚦
@GoPlusSecurity
Jun 21
🧵2/3 The attacker exploited this vulnerability by repeatedly using a "donate + skim + sync" strategy to continuously drive up the price of $OLPC in the liquidity pool, ultimately profiting approximately $1.115 million. The initial value of decimalsValue in the OLPCToken
2.6K
GoPlus Security 🚦
@GoPlusSecurity
Jun 21
🧵3/3 Additional Information Attacker Address: 0x18D6c39aE9E537F948AA2212d44D8c23944fc188 Attack Contract Address: 0x5Cf9d217729FeC8d08998B29e91216439791791B Vulnerable Contract (OLPCToken): 0x58815CDF9955121a6274680ab396a36FC9e00000 Exploited Liquidity Pool Contract:
bscscan.com
Bsc Transaction Hash: 0x8dabb60a94... | BscScan
Call 0x2cadd184 Method by 0x18D6c39a...3944fc188 on 0x18D6c39a...3944fc188 | Success | Jun-20-2026 11:31:03 AM (UTC)
1.3K
GoPlus Security 🚦
@GoPlusSecurity
Jun 20
🚨GoPlus Security Alert: On June 19, @mySwapxyz (Starknet) was exploited. The attacker deployed a fake "EVIL" token contract (0x028c9a) and exploited a vulnerability in a project contract (0x01114c), draining approximately $305,000 from mySwap CL liquidity pools, including
mySwap - Starknet AMM
@mySwapxyz
Jun 19
Security update: at 7:15am UTC today, the mySwap CL protocol was exploited, resulting in ~$300K being drained from liquidity pools. The mySwap interface has been closed to new liquidity for the past 6+ months, and the remaining balances were mostly residual LP positions spread
2.2K
GoPlus Security 🚦
@GoPlusSecurity
Jun 20
🚨 Security Alert: An attacker exploited an infinite mint vulnerability in a modified CW20-ICS20 token contract (secret1yxj...) on Secret Network, stealing approximately $4.67 million worth of assets from Axelar. Three transactions involving WETH, USDT, and WBTC were bridged
Axelar Network
@axelar
Jun 19
We have identified an incident affecting assets bridged over IBC to Secret Network from the Axelar chain, with approximately $4.67M worth of tokens taken. Based on current information, the issue is isolated to the Secret-side ICS-20 smart contract of the Cosmos IBC connection
8.7K
GoPlus Security 🚦
@GoPlusSecurity
Jun 19
🚨GoPlus Security Alert: #Microsoft has disclosed a cryptocurrency clipboard hijacker targeting the #Windows platform that has remained active since February 2026. This malware combines clipboard theft, wallet address replacement, worm-like propagation, and Tor-based anonymous
Microsoft Threat Intelligence
@MsftSecIntel
Jun 17
Since February 2026, Microsoft Defender Experts have tracked a cryptocurrency clipper campaign that combines clipboard theft, wallet address replacement, worm-like functionality, and Tor-based communications, enabling both financial gain and continued access to devices.
2.8K
GoPlus Security 🚦
@GoPlusSecurity
Jun 16
🧵1/7 ⚠️ Vulnerability Analysis: Exploit of Thetanuts Finance Legacy Vaults On June 15, options protocol @ThetanutsFi suffered an exploit targeting its legacy vault contracts on #ETH, resulting in approximately $105K in losses. Notably, about one hour later, a white-hat hacker
2.5K
GoPlus Security 🚦
@GoPlusSecurity
Jun 16
Replying to @GoPlusSecurity
🧵6/7 4、Swap the acquired tokens for USDC.
678
GoPlus Security 🚦
@GoPlusSecurity
Jun 16
🧵7/7 📌 Additional Information Attacker Address: 0x30498e4466789E534c72e03B52A16c978655b41e Attack Contracts: 0xa589c5342068b0c1fefd44d3c95354427502ac91 0x0f9daa9e0adced4e64578b2e131930dde54e492e Exploited Contract: 0xC2C3AE0a7b405058558C9b4a63b373486CB86Ac7 Attack
644