🚀 GoPlus Security API Enhances Permit Phishing Detection
#GoPlus #SecurityAPI #PhishingDetection #Web3 #BlockchainSecurity #AI #TokenSecurity #NFTSecurity #PermitPhishing #CryptoSafety #TrustWallet #TokenPocket #SafePal
According to BlockBeats, on October 11, GoPlus announced that its security API now fully supports Permit phishing signature detection. This enhancement allows for real-time updates and dynamic identification of most Permit signature phishing scenarios, effectively addressing recent threats that have resulted in significant financial losses for on-chain users, including millions of dollars lost by users like Shenyu.
GoPlus is recognized as the world's largest and most comprehensive Web3 security infrastructure. It features an advanced AI-driven security detection engine that operates in real-time, dynamically, and automatically. The platform supports security detection for tokens, malicious addresses, NFTs, authorizations, Permit phishing signatures, and dApp security information across more than 20 major public blockchains, including Ethereum and Solana. With an average of over 34.3 million daily API calls, GoPlus has integrated with leading wallets and dApps such as TrustWallet, TokenPocket, and SafePal. This integration has successfully thwarted numerous potential phishing attacks, rug pulls, malicious tokens, blacklisted address interactions, and risky authorizations, providing 24/7 protection for Web3 users' assets and transaction security.#GoPlus #SecurityAPI #PhishingDetection #Web3 #BlockchainSecurity #AI #TokenSecurity #NFTSecurity #PermitPhishing #CryptoSafety #TrustWallet #TokenPocket #SafePal
🚀 LayerZero CEO Highlights Critical Issue in Across Protocol's Token Contract
#LayerZero #AcrossProtocol #TokenContract #ERC20 #SmartContract #TokenSecurity #CrossChain #Blockchain #OpenZeppelin #Vulnerability #BugBounty #UMA #ZRO
According to BlockBeats, on October 22, Bryan Pellegrino, CEO of cross-chain interoperability protocol LayerZero, addressed the Across Protocol team via social media regarding a significant issue in their token contract.
Pellegrino pointed out that the team had mistakenly exposed a function intended to be private. This function, written by OpenZeppelin in its ERC20 token implementation, is designed to destroy tokens and was given to the contract owner. This exposure allows the contract owner to withdraw tokens from any wallet at will and reduce any account balance to zero.
Additionally, Pellegrino noted that both the Across Protocol and UMA Protocol contracts possess the capability for unlimited minting. Despite being informed of these issues, the teams appeared indifferent.
To resolve this problem without reissuing the tokens, Pellegrino suggested transferring contract ownership to a new smart contract. This new contract should prevent minting beyond the total supply and disallow token destruction. Given the permanent nature of this vulnerability, the new contract must be immutable and should not include any ownership transfer functions.
Pellegrino also mentioned that if the team has an active bug bounty program, they could credit the LayerZero team for this information.#LayerZero #AcrossProtocol #TokenContract #ERC20 #SmartContract #TokenSecurity #CrossChain #Blockchain #OpenZeppelin #Vulnerability #BugBounty #UMA #ZRO
🚀 Frequent Spam Tokens and Phishing Risks on Blockchain
#SpamTokens #PhishingRisks #Blockchain #ZachXBT #AddressPoisoning #ScamAwareness #TokenSecurity
Blockchain sleuth ZachXBT posted on X about the frequent occurrence of spam tokens on the blockchain, warning users about potential phishing sites associated with these tokens. He advised users to avoid visiting websites that appear as token names and suggested hiding or ignoring such tokens in their applications. ZachXBT also cautioned against copying wallet addresses from activity history due to the risk of address poisoning, where scammers create similar-looking addresses to deceive users into copying and pasting incorrect ones.#SpamTokens #PhishingRisks #Blockchain #ZachXBT #AddressPoisoning #ScamAwareness #TokenSecurity