The rapid growth of the Web3 ecosystem has been accompanied by escalating security threats. From phishing attacks and malicious contracts to wallet theft and rug pulls, on-chain risks have become increasingly complex and elusive. In June 2026, GoPlus Security disclosed a series of AI-driven smart contract vulnerability attacks: On June 9, the Token of Power (TOP) contract, deployed seven years ago on Ethereum, was exploited, resulting in losses of approximately $1.5 million. On May 25, the WUSD.fi contract, deployed three years prior, was attacked, causing around $200,000 in losses. On June 14 and June 18, Aztec Network suffered back-to-back attacks on contracts deployed two years ago, with total losses exceeding $4 million. Traditional security audit methods struggle to effectively cover legacy contracts, while attackers are leveraging AI technology to rapidly identify and exploit these vulnerabilities.
Against this backdrop, GoPlus Security, as the first Web3 decentralized security layer, has evolved since 2022 from a Web3 user security infrastructure provider into a comprehensive security network spanning over 30 blockchain networks. Its security APIs process tens of millions of requests daily, protect over 12 million wallet addresses, and identify more than 800,000 malicious assets. As of July 6, 2026, Gate market data shows GoPlus Security (GPS) trading at $0.009350, with a 24-hour trading volume of $2.3175 million and a total supply of 10 billion tokens. This article explores the operational logic behind GoPlus’s four core modules—real-time risk scanning system, address behavior analysis model, DApp security detection mechanism, and data-driven security network—to explain its on-chain risk identification framework.
Real-Time Risk Scanning System: The Security Gate Before Transaction Execution
One of the core capabilities of the GoPlus security network is performing risk scans and assessments before every on-chain transaction is executed. This mechanism relies on the GoPlus Intelligence risk analysis engine, providing real-time security intelligence to AI agents, Web3 users, wallets, applications, blockchains, and developers.
Multi-dimensional API Risk Coverage. GoPlus offers a comprehensive suite of real-time risk scanning APIs, covering token security, malicious address detection, NFT security, authorization risk analysis, DApp security information, signature data decoding, and phishing site detection. The token security API can identify tokens with rug pull, scam, and hidden tax risks. The malicious address API maintains a continuously updated database of malicious wallet addresses. The NFT security API verifies NFT authenticity and detects counterfeit collections.
Transaction Simulation: A Key Step in Risk Preview. In May 2026, GoPlus launched its secure transaction simulation API, supporting pre-simulation of transactions in both EVM and Solana ecosystems. This feature evaluates transaction outcomes and detects potential risks before transactions are recorded on-chain, covering risks related to addresses, contracts, tokens, URLs, slippage, and more. It returns results across multiple dimensions, including risk type, risk level, risk details, and suspicious addresses. This mechanism enables users to identify potential risks before signing a transaction, effectively avoiding asset losses caused by malicious contracts or phishing signatures.
Scalable Real-Time Response Capabilities. According to CoinDesk research, the GoPlus Intelligence token security API averaged 717 million daily calls in 2025, peaking at nearly 1 billion in February. Chain-wide requests, including transaction simulation, reached an additional 350 million monthly. By 2026, GoPlus was processing 30 million API calls daily. This high-volume data processing allows its risk scanning system to deliver comprehensive transaction risk assessments within milliseconds.
Address Behavior Analysis Model: From Static Tags to Dynamic Profiles
Address behavior analysis is another key module in the GoPlus security framework. Unlike traditional security solutions that rely on static blacklists, GoPlus’s address behavior analysis model continuously tracks on-chain address transaction patterns, interaction partners, and fund flows to build dynamic risk profiles.
Eight Dimensions of Risk Detection. In August 2025, GoPlus introduced the Address Scan API, which performs eight-dimensional risk checks on individual addresses during transfers, trades, and receipts. These include address poisoning, recipient risk, risky counterparties, abnormal gas fees, stablecoin risk, NFT poisoning, authorization risk, and asset risk analysis. Asset risk analysis covers both tokens and NFTs, identifying token contract vulnerabilities, stablecoin de-pegging risks, and NFT poisoning or theft.
Dynamic Malicious Address Database Updates. The GoPlus malicious address API provides a free, comprehensive, and real-time updated database of malicious addresses. Rather than a static dataset, this database is dynamically iterated through ongoing monitoring of on-chain activity, community feedback, and security incident reports. When an address is linked to known attacks, phishing, or fraud, it is added to the malicious address database and triggers alerts in subsequent transaction scans.
From Individual Addresses to Network Correlation Analysis. The address behavior analysis model not only assesses the risk attributes of individual addresses but also analyzes relationships between addresses via on-chain transaction graphs. The risky counterparty detection dimension identifies addresses with financial ties to known malicious addresses, enabling early detection of potential risk transmission paths. This network-based analysis helps GoPlus uncover addresses that may not be directly flagged as malicious but exhibit abnormal risk behaviors.
DApp Security Detection Mechanism: Filtering Risks at the Application Layer
As the primary gateway for users to interact with the blockchain, DApp security directly impacts user asset safety. GoPlus’s DApp security detection mechanism aggregates multi-source data and conducts real-time risk assessments to provide a protective barrier for DApp interactions.
DApp Security Information API. The GoPlus DApp security information API aggregates security data from multiple DApps, offering rapid risk alerts and insights to ensure safe user interactions. The API evaluates DApps across several dimensions, including contract code security, historical audit records, user feedback, and on-chain behavioral data.
Integration with Leading Platforms. GoPlus’s security capabilities have been integrated into several top Web3 platforms. DexScreener, for example, leverages GoPlus Security to build a unique token safety detection system, enhancing user trust. GoPlus products are integrated into Binance, MetaMask, Trust Wallet, and other mainstream platforms, collectively safeguarding billions of dollars in on-chain assets. This extensive integration network enables GoPlus’s DApp detection mechanism to cover a wide range of application scenarios, creating a scalable security effect.
AI-Powered Continuous Auditing. In response to the growing threat of smart contract vulnerabilities, GoPlus has introduced an AI-driven Always-on Audit solution. Traditional audits struggle to effectively cover legacy contracts, but AI-powered continuous auditing can quickly check older contracts for security, balancing reliability and cost. Combined with DApp security detection, this mechanism allows GoPlus to continuously monitor DApp security status without relying on manual periodic audits.
Data-Driven Security Network: From Centralized Intelligence to Decentralized Collaboration
The underlying logic of the GoPlus security network is a data-driven decentralized security infrastructure. Its architecture consists of three interconnected components: the security data layer, which collects real-time threat intelligence; the security compute layer, which uses AI algorithms for detection and analysis; and the SecWare protocol, which ensures secure transmission and verification of data within the network.
Security Data Layer: Large-Scale Intelligence Collection. The security data layer forms the foundation of the GoPlus network, collecting real-time security data from over 30 blockchain networks. This includes transaction records, contract deployment information, token issuance data, address interaction history, and other public on-chain information, as well as intelligence from partners, security communities, and node operators. The breadth and depth of this data directly determine the accuracy and coverage of upper-layer analysis models.
Security Compute Layer: AI-Powered Risk Assessment. The security compute layer consists of distributed Security Compute Nodes (SCNs) that perform security-related computations and validations, such as verifying transaction security analysis results, detecting potential threats, and simulating transactions. Advanced machine learning algorithms enable real-time risk detection for each transaction, with interaction analysis completed before smart contract execution on-chain. The distributed node design ensures scalability and decentralization.
SecWare Protocol and Ecosystem Collaboration. The SecWare protocol acts as the intermediary layer connecting security service providers and consumers within the GoPlus network. Developers can build security applications (Security Software) based on the SecWare protocol, offering specialized services such as anti-fraud, anti-phishing, and anti-MEV. This open ecosystem architecture allows GoPlus’s security network to continually expand—more developers mean richer data sources and stronger risk identification capabilities, creating a positive feedback loop.
Data-Driven Self-Evolution. What sets GoPlus apart is its data-driven self-evolution mechanism. Every risk scan, transaction simulation, and identified malicious address becomes part of the security data layer, optimizing subsequent risk identification models. This continuous learning mechanism enables GoPlus to respond quickly to emerging attack methods.
Conclusion
The core challenge of Web3 security isn’t simply fixing individual vulnerabilities, but establishing a comprehensive security system that identifies risks before transactions are executed, provides real-time protection during interactions, and continually evolves after attacks occur. Through the synergy of real-time risk scanning, address behavior analysis, DApp detection, and a data-driven security network, GoPlus Security has built a decentralized security layer covering the entire transaction lifecycle.
From 30 million daily API calls to safeguarding 12 million wallets, from eight-dimensional address risk detection to AI-powered continuous auditing, GoPlus is transforming security from a Web3 add-on into native infrastructure. As AI agents become more prevalent and on-chain interactions increase, real-time execution security will become ever more critical. The decentralized security network built by GoPlus offers the Web3 ecosystem a verifiable, scalable, and sustainable security paradigm.
FAQ
Q: What risks can GoPlus’s real-time risk scanning detect before a transaction?
GoPlus’s real-time risk scanning can identify token contract risks (such as rug pulls and hidden taxes), malicious address risks, authorization risks, and phishing website risks before transaction execution. With the transaction simulation API, it can also predict transaction outcomes and help users avoid asset losses caused by abnormal slippage or contract vulnerabilities.
Q: How does the address behavior analysis model determine if an address is risky?
The model evaluates addresses across eight dimensions: address poisoning, recipient risk, risky counterparties, abnormal gas fees, stablecoin risk, NFT poisoning, authorization risk, and asset risk. It also leverages a dynamically updated malicious address database and on-chain transaction graph analysis to identify addresses associated with known malicious actors.
Q: How does GoPlus’s DApp security detection differ from smart contract auditing?
Traditional smart contract audits are one-time code reviews, while GoPlus’s DApp security detection uses the DApp security information API for ongoing monitoring. It aggregates multi-source security data to conduct real-time risk assessments and combines AI-powered continuous auditing to dynamically check legacy contracts.
Q: How does GoPlus’s data-driven security network ensure data reliability?
GoPlus adopts a decentralized three-layer architecture: the security data layer collects real-time threat intelligence from over 30 blockchains; the security compute layer uses distributed nodes for validation and computation; and the SecWare protocol ensures secure data transmission and verification. The distributed node and open ecosystem design reduces risks of single points of failure and data manipulation.
Q: What role does the GoPlus Security (GPS) token play in the security network?
GPS is the utility token of the GoPlus ecosystem. It is used to pay for security services (such as API calls and transaction risk checks), can be staked to help secure the network and earn rewards, and is used for governance voting. GPS has a total supply of 10 billion tokens.




