Brains of Crypto: Discussing Web3 Security with Founders of GoPlus
GoPlus Security is revolutionizing the way web3 is secured, offering open user-driven security services for blockchain users. Learn about their story and funding in this interview.
GoPlus Security is one of our major partners for the security features on CoinBrain. Thanks to their APIs, CoinBrain users can access Safety Check on the profile page of all coins or make sure that there are no unwanted token approvals on their wallet.
GoPlus is revolutionizing the way web3 is secured, by providing all blockchain users with an open, permissionless, user-driven security service platform.
Please, tell us a little bit about the beginnings of GoPlus and what motivated you to start such a company?
GoPlus is a cloud-based security engine that provides security services to Web3 applications via a couple of APIs, including wallets, DeFi applications, price-tracking apps, browsers, etc. Focusing on consumer users, GoPlus aims to solve the issues related to crypto security.
GoPlus can help users tell if there are any risks associated with the token in real time, more specifically, to tell if it is a fraud airdrop, an approval request that might drain your wallet, fake tokens, etc. We can break down all these risks into two categories. Firstly, it refers to the risk on the asset itself or suspicious IP address. Secondly, it is the risk that happens to a user in a regular scene, when they're transferring an asset to some kind of suspicious address, or receiving an approval request. It's not difficult to understand the mechanism here. I'll try to explain how GoPlus works here. If any behaviors initiate a risk detection, GoPlus would send all those risk samples to the cloud security engine, to check if there are any risk patterns by matching with the database. And then it'll return with a risk rate and related info if any. It's pretty intuitive.
GoPlus Security is a leading Web3 security infrastructure provider that covers most of the major blockchain networks and users, both consumer and business ones. As now nearly 4 million calls happen per day, GoPlus got over 40% of the market share. We expected that in the next six months, the figure would go up to more than 60%.
As for why we launched GoPlus? It's coming from the real users’ needs. We found there are desperate needs for security detecting services in the market. Based on all those needs our product research team spent much time and collected numerous data, and GoPlus was born. We can't guarantee it is 100% safe, but we can offer a potential risk alert for users before it could happen. Going further, we could be able to provide users with an affordable security alert service that everyone can access.
Can you tell us more about how B2B customers and developers use your APIs and other security products?
GoPlus Security has developed a real-time, dynamic, and automated security detection platform, which offers a couple of security APIs associated with tokens, NFT, malicious address, approval risk, contract risk, and dApp risk available for business users and developers.
Any business users that need security detecting for these scenarios just need to do an easy configuration and integrate the risk detecting service they need, and then take out the headache for risk concerns that comes with trying to do a crypto transaction and transfer, wallet approval and more.
When integrating the Token security API, it would conduct an auto-detection on the token in real-time when any security risk-related activity happens. It will figure out all the potential security risks associated with the token's potential attack vectors.
GoPlus's Token security API would detect the risks of security for the token. It would check over 30 safety indicators from contract code, and transaction security to info security, including but not limited to: whether the contract is open-sourced, whether it is mintable, whether there are any risks of security associated with the owner address, the number of token holders, LP info, the percentage of buy/sell tax, whether it is honeypot and more.
GoPlus will soon release two SDKs (for Node.js and Go), then it will be super easy to integrate GoPlus API service for developers, as they don’t need to configure the API for themselves.
Do you have any product targeting the mainstream audience which our readers could try?
For any of those we've provided for the developers and business customers as an API service I've mentioned above, we make it available for regular users to access by offering an easy-to-use frontend.
If you have any concerns when transacting a token, minting an NFT, visiting a suspicious site, receiving an approval request from an untrusted source and more, just go check at gopluslabs.io and it'll get all your doubts figured out.
You can imagine GoPlus as a search engine, but for Web3 security. Here, you can search/query information related to risks of security including token security, dApp security and more, the engine will always return with an appropriate answer. Similar to how you would do a Google search, the GoPlus search engine allows you to search for keywords of use cases, addresses, or token contracts to seek information on security info and find effective solutions.
What challenges have you faced while growing GoPlus Security?
Security defense is an ongoing concern, something that needs to be maintained over time instead of being checked once and forgotten about. As hackers continue to iterate on their attack schemes, security defense has become an extremely challenging task. That means as hackers become smarter, our security engine should keep up with it. For all of us as security engine developers, we should never stop learning and honing our craft to iterate on the security engine, making it more alert on all those innovative but creepy crypto scams.
To GoPlus, it means that we should detect the risks with higher precision, extend to as many valid attack vectors as possible and upgrade the defense tactics over the change of hackers' attacking mechanism.
Recently you got funded by Binance Labs. That’s a great success! Could you tell us more about it?
Yeah. Last month we just made an announcement about this funding. We're really happy to be with Binance Labs in this journey moving forward.
You know, it's never easy to build a security infra, and it's definitely more difficult for our next progression, which is to extend it to trusted sources in web3 for anything security tools, applications and solutions.
With that being said, the raise could help us achieve the goal earlier. The funding will be used to build out and iterate on technology, create a security services marketplace and scale our team to build a more secure, user-friendly Web3.
What do you find most fascinating about blockchain security?
Out of all the tokens we've indexed in our database so far, the token associated with scam risks accounts for more than 50%. That is scary. The recent data released from GoPlus tells a total of 2.04M+ tokens have been detected, 1.09M+ of them are tokens with risks, meaning more than 50% of crypto tokens are tied up with scams.
The token associated with the honeypot scam is on the rise. The recent data from GoPlus shows the honeypot tokens deployed in 2022 have increased significantly, reaching 101,267 in total, an 83.39% increase over the full 2021.
Most of the honeypot scams are deployed on popular blockchains. Out of all the honeypot scams, 92.8% of them were deployed on BNB Chain, while 6.6% of them occurred on Ethereum. Both of them are such popular public chains that attract lots of developers to flock there and launch their projects including fraud ones. In other words, how attractive a blockchain is to the scam tokens indicates how popular it is.
It's more clear than ever that DeFi eats CeFi. After this FTX incident, as the trust that crypto users put in CEX is declining, we saw many users in the crypto space begin to withdraw their digital assets and transfer them into a decentralized wallet. On-chain active users witnessed a surge and so are the attackers. GoPlus data saw a newly added pattern of honeypot amounts to more than 120 and how often the attacks happen gets ~6x after a week of FTX collapsing.
What do you think is the most important aspect of blockchain cybersecurity that many organizations overlook?
Most organizations lay out their security problem by shooting on their own vulnerability to avoid being hacked by a third party or code leak. In order to do so, a lot of them could choose a service like auditing, penetration test, or AML under the requirement of compliance.
However, they sometimes ignore the risk to their user. For two reasons, one is the uncertainty of the web3 environment, and the risk is sometimes out of their own control. But in some worse cases, it could be due to the interest conflict, and the worst case is there are so many scammer or rug pull projects in web3. So the intention for the project in web3 is so important from the first place.
How do you see the future of blockchain security?
Looking forward to the future of blockchain security, I believe there is still a long way to go, not only for GoPlus but also for regular users.
The security defense is a dynamic action instead of a static one. Not only are the hackers constantly updating the fraud pattern and scam logic, but as a defender, we need to constantly iterate on our countermeasures along with hackers' evolution. This is not only an enduring process, it's like a game of war: fight and fight back.
When coming to a regular crypto user for the future of blockchain security, I'd like to say it requires us to spend more time and effort to educate people in Web3 security, especially for noobs. GoPlus had already done this via hosting a Twitter Space and AMA, also creating writeups whether it is technical ones targeting developers or just security routine takeaways for regular users exclusively. All we've done is to make a future where we will be able to see a group of people with more risk awareness and security literacy.
What do you think must change about web3 applications to attract more mainstream users?
Web3 is the next-generation internet. It stands for decentralization, privacy, composability, permanent storage, owning your own data, a more decentralized web and value creation. Instead of independent sites hosted on a particular server, Web3’s use of the blockchain provides greater resiliency, protection against censorship, and other benefits. Web3 is a marvel of the possibilities of blockchain, but we're still in an early stage, meaning not yet in the phase of massive adoption.
To attract more mainstream users, I think we need to solve three major problems. One is to offer a great onboarding experience for newcomers. Right now early adopters are facing complicated terminology and bad UIs, which is a very tricky onboarding process. Besides, in the context of such a decentralized space, for most new users, the crypto space currently feels a bit like the wild west. So many risks for security are out there, including scams, hacks, and phishing attacks. What's worse is there is no recourse for any loss from such transactions. Web3 security must be more proactive and prevention-oriented than Web2 security. That is to say, all those web3 apps and tools should be secure and safe first.
One last but important thing is to create web3 dApps with real-life potential. Web3 can be hard to understand but something with real-life potential could connect people IRL. By doing this, it could help break down the barriers and open the door for a much wider audience to have chances to understand and enjoy the space and clear the prejudices over Web3 or the entire field coming from mainstream users.
What do you consider the most interesting development in the field of web3 apps in recent months?
I don't want to mention a specific project right here. Just say what has impressed me in recent days in such a depressing bear market. The whole space has shrunk a lot since lots of sad things happened like the FTX collapse. But the other side of the coin is that we see lots of people tend to build the product, community and the whole industry in general. There are more solid projects than ever before. That's a thing we're looking forward to.
What's even more promising is, we see lots of projects in this circle. Not only solid, but on a more human level – bringing the most exciting parts of its culture together with a smooth onboarding experience and valuable education for newcomers.