GoPlus Security
@GoPlusSecurity
Followers: 463K
Following: 3K
Media: 1K
Statuses: 3K
Protect Your Every Transaction. User App: https://t.co/FHHKZyzH1j | Dev Integration: Security Intelligence & SafeToken Protocol
On-Chain
Joined May 2021
Related Info: Attacker: 0x657CDEfc7ef8b459b519dEFc8BED2A67d3cC1aAb Exploited Contract: 0x3c212A044760DE5a529B3Ba59363ddeCcc2210bE
Key Takeaways: 1. Oracle config changes MUST be rigorously tested 2. Price precision handling is critical for DeFi security 3. Contract upgrades need comprehensive audit processes 4. Even small config changes can lead to massive losses. DeFi protocols must maintain extreme
Assets Extracted by Attacker: - 299.48 WETH - 343.87 wstETH - 178,073.77 USDC - 2.5498 WBTC. Total profit: 846.18 ETH (~$2.74M). All affected assets suffered from the same oracle precision issue.
Attack Breakdown. Example tx: https://t.co/FFUIOUiw5E Oracle returned stETH price: 3.246e10. Actual price should be: 3246. Result: 1 oToken could redeem 9,986,072 WETH. Attacker used only 0.00002999 oToken to extract 299.48 WETH.
Root Cause: Oracle Precision Misconfiguration. 6 days prior, developers updated oracle configs for stETH, Aave, PAXG, and LINK, but incorrectly changed the price precision. Issue: Oracle returned prices with different precision, but redemption calculations still used the
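The failure mode in the thread above is a settlement formula hard-wired to one price scale while the feed (or its config) now reports another. The following Solidity is an added example written for this page, not Ribbon's or GoPlus's code: contract, function and field names (VaultSettlement, payoutVulnerable, payoutSafe, setFeed, priceScale) are hypothetical. It puts the vulnerable pattern (a hand-maintained `priceScale` config value that must match the feed) next to a hardened one that reads `decimals()` from the feed at call time, normalizes to the internal precision, rejects stale or non-positive answers, and refuses a feed config change whose normalized price jumps by more than a tolerance. A 1e7 precision mismatch like the one described (3.246e10 where 3246 was expected) fails the config-change check instead of reaching settlement.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal Chainlink-style aggregator surface (decimals() and latestRoundData()
// exist with these signatures on real aggregators).
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical vault settlement contract (example only, not a real protocol's code).
contract VaultSettlement {
    uint8 public constant PRICE_DECIMALS = 8;     // settlement math is written for 1e8-scaled prices
    uint256 public constant MAX_STALENESS = 1 hours;
    uint256 public constant MAX_CONFIG_JUMP_BPS = 2000; // 20% tolerance when swapping a feed

    address public immutable owner;
    struct FeedConfig { AggregatorV3Interface feed; uint256 priceScale; }
    mapping(address => FeedConfig) public feeds; // asset => config

    constructor() { owner = msg.sender; }
    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    // VULNERABLE pattern: `priceScale` is a separately edited config value. If the feed's
    // precision changes (or the config is edited wrongly) the payout is off by a power of ten
    // and the formula has no way to notice.
    function payoutVulnerable(address asset, uint256 oTokens) external view returns (uint256) {
        FeedConfig memory cfg = feeds[asset];
        (, int256 answer,,,) = cfg.feed.latestRoundData();
        return oTokens * uint256(answer) / cfg.priceScale;
    }

    // Hardened: normalize whatever precision the feed reports to PRICE_DECIMALS and
    // sanity-check the round before any arithmetic uses it.
    function normalizedPrice(AggregatorV3Interface feed) public view returns (uint256) {
        (uint80 roundId, int256 answer,, uint256 updatedAt, uint80 answeredInRound) = feed.latestRoundData();
        require(answer > 0, "non-positive price");
        require(answeredInRound >= roundId, "incomplete round");
        require(block.timestamp - updatedAt <= MAX_STALENESS, "stale price");
        uint8 d = feed.decimals();
        uint256 p = uint256(answer);
        if (d > PRICE_DECIMALS) return p / 10 ** (d - PRICE_DECIMALS);
        if (d < PRICE_DECIMALS) return p * 10 ** (PRICE_DECIMALS - d);
        return p;
    }

    function payoutSafe(address asset, uint256 oTokens) external view returns (uint256) {
        return oTokens * normalizedPrice(feeds[asset].feed) / 10 ** PRICE_DECIMALS;
    }

    // Config change guard: a new feed must agree with the old one within tolerance.
    // A precision mismatch shows up as a ~1e7x "price move" and reverts here.
    function setFeed(address asset, AggregatorV3Interface newFeed) external onlyOwner {
        uint256 fresh = normalizedPrice(newFeed);
        FeedConfig memory cur = feeds[asset];
        if (address(cur.feed) != address(0)) {
            uint256 old = normalizedPrice(cur.feed);
            uint256 lo = old * (10_000 - MAX_CONFIG_JUMP_BPS) / 10_000;
            uint256 hi = old * (10_000 + MAX_CONFIG_JUMP_BPS) / 10_000;
            require(fresh >= lo && fresh <= hi, "price jump on config change");
        }
        feeds[asset] = FeedConfig({feed: newFeed, priceScale: 10 ** PRICE_DECIMALS});
    }
}
```

The tolerance check is deliberately applied at config time rather than only at settlement: a bad scale is a one-off event that an operator can inspect, whereas a per-redemption circuit breaker would silently block legitimate redemptions during a genuine large move. Fork-test any oracle config change by calling `normalizedPrice` on the new feed and comparing it with an external reference before the transaction is sent.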
@ribbonfinance suffered a major exploit losing ~$3M. On Dec 12, the structured finance platform was attacked due to oracle price precision misconfiguration. Attacker profited 846.18 ETH (~$2.74M). A classic case of oracle configuration failure.
The old contract of @ribbonfinance has been drained for a total of $2.7M. Exploit contract: 0x3c212A044760DE5a529B3Ba59363ddeCcc2210bE Theft addresses: 0x354ad0816de79E72452C14001F564e5fDf9a355e 0x2Cfea8EfAb822778E4e109E8f9BCdc3e9E22CCC9
AI Safety Rules: - Manually confirm all payments/transactions - Never input ID/passwords - Audit & revoke risky permissions regularly. You're the human in the loop. AI assists; YOU decide.
Appreciate the analysis! Every dollar of revenue represents a user we've protected, a scam we've prevented, or a project we've secured. Sustainability means we can keep building, and keep innovating for the long term. Thank you for being part of this journey.
Sustainability in Web3 infrastructure is rare. Our analysis of the @GoPlusSecurity ecosystem shows the protocol is generating consistent on-chain revenue - totaling $4.7M as of October 2025. - GoPlus App: $2.5M - SafeToken Protocol: $1.7M - SaaS Subscriptions: $0.5M
I swapped out one of my keyboard keys for G's key. Now it's your turn: Install the #GoPlus extension and secure your Web3. https://t.co/XLZNw2lene
Onchain security products live or die by real-time data. That's why @GoPlusSecurity uses Moralis Data APIs to fetch onchain data & Moralis Streams to monitor live onchain data for their leading Web3 security layer. More speed. Less infra. Big savings. https://t.co/QTvs0GHDLV
6. Addresses Involved. Exploit addresses: 0x7C97313f349608f59A07C23b18Ce523A33219d83 0x083379BDAC3E138cb0C7210e0282fbC466A3215A Malicious contracts: 0xc2a0aD4Bd62676692F9dcA88b750BeC98E526c42 0xAC075b9bf166e5154Cc98F62EE7b94E5345Cc090
5. Stage 2 (Dec 5). Attacker used admin rights to trigger the actual exploit: Tx: https://t.co/w7wQyGPx5M Steps: 1) Upgrade implementation → attack contract → drain 232 stETH 2) Flash-loan 3121 ETH → mint ~98M USDP 3) Swap part of USDP → ~300k USDC 4) Repay the flash loan
4. Attack Timeline: Two Stages. Sept 16: Attacker leveraged Multicall3 to execute a frontrunning initialization: Tx: https://t.co/8439GTGqKb Actions: 1) Initialize proxy → gain admin access 2) Upgrade implementation → malicious proxy 3) Upgrade again → back to original logic
3. Key Technique: Malicious Proxy Injection. The attacker inserted a malicious proxy contract between: ERC1967Proxy (0x1346B4) → StabilizerNFT (implementation). This layer: - Preserved original business logic - Granted attacker hidden admin access - Spoofed the
2. Root Cause. The proxy contract allowed initialize() without restricting the caller (e.g., onlyOwner). The attacker monitored the mempool & front-ran the initialization, gaining admin privileges over the proxy. When the team later performed initialization, they were
The @USPD_io stablecoin protocol on Ethereum was exploited via a proxy initialization frontrunning attack. The attacker waited 80 days before triggering the exploit, stealing 232 $stETH + 300k $USDC (~$1M total).
URGENT SECURITY ALERT: USPD PROTOCOL EXPLOIT 1/ We have confirmed a critical exploit of the USPD protocol resulting in unauthorized minting and liquidity draining. Please DO NOT buy USPD. Revoke all approvals immediately.
GoPlus Extension X Detection - Demo Walkthrough. Don't wait until it's too late, install the #GoPlus Extension now and secure your #Web3 social experience! https://t.co/XLZNw2lene
GoPlus Extension Updated | X Detection Feature Now Live. Real-time Tweet Risk Monitoring. Auto-detect Fake Accounts. Block Suspicious Content with One Click. Protecting Your Web3 Social Security.