Trouble goes where the money is.  And as Web3 continues to grow, flourish, and generate more value, there are naturally going to be bad actors who want to take advantage.  Security across Web3 is an ever-growing priority, especially since the threats are ever-evolving.  The good news is that more and more Web3 chains, platforms, and dApps are paying attention, and are working to get the information that can help them avoid bad tokens, NFTs, addresses, and more.  There are a number of sources for this data, but perhaps none as prolific as GoPlus and its API-driven security network services.

How are these Web3 players working to protect themselves and what information is most relevant to them?  GoPlus Labs is a leading Web3 security infrastructure provider, and announced that their published study, “Exploring New Frontiers: The Impact and Utility of User Security Data in Web3, Highlighted by Asset Risk Analysis for Web3 Assets (Tokens/NFTs)”, provides critical insights into how Web3 platforms are protecting themselves, which areas are raising the most concerns, and what asset risk data can tell us about the industry’s overall safety.    

GoPlus aims to arm Web3 entities with critical, permissionless security data.  Using various tools, the platform has a system where its users can pull data on security threats that might affect them, or utilize its  “Secscan” security engine and Secware Middleware for more proactive support.  The network also enhances Web3 user security and promotes decentralization by motivating user participation with its token system, encouraging users through rewards to become service, data, and node providers.

The GoPlus report shows above all else that Web3 platforms are growing in both their concern around potential threats from top risk areas (malicious tokens/NFTs, fraudulent addresses, etc.) and its sophistication for proactive security measures.  The biggest insight has been the exponential growth in demand for security insights.  When it began in 2021, GoPlus’ API services launched with a few hundred queries each day, and has spiked steadily to reach its current 21 million calls daily during peak times.  This growth of 5000x means that blockchain platforms large and small are paying attention to key threats and working to keep their communities safe. 

As an example of the data pulled from the GoPlus API, it was revealed that over 200 million scam addresses have been recorded.  This shows that the key threats toward Web3 security are real, and that proactive knowledge and action can prevent harm for a platform’s community.  

The protection for a growing number of GoPlus clients comes from SecwareX, GoPlus’ user-centric personal security center.  Launched in March 2024, it quickly gained significant traction and showcased high user trust. Within its first two weeks, it attracted over 400,000 users, including more than 30,000 premium (paid) users, highlighting its immediate impact and user trust. 

Evolving Threat Landscape

The clients using the GoPlus API service pulled target data analysis across a number of key modules.  Each module gathers and reports information on a specific risk area, providing details on the largest risks in that area so that platforms can either avoid these risks (such as dangerous tokens) or can proactively cut off threats (such as fraudulent addresses).  The APIs that saw significant growth include:

  • Token Security: This identified specific risks associated with tokens that have been flagged as suspicious, “blacklisted,” or “honeypots,” providing information on which tokens have dangerous indications or reports of fraud.

  • NFT Security:  Similar to token security, this API identifies and reports comprehensive risk data on individual NFT assets, indicating the specific risks for a reported NFT so that platforms can avoid and remove suspicious NFTs.

  • Malicious Address:  This API catalogues, identifies, and reports all addresses that have been reported as exhibiting malicious or fraudulent behaviours.

  • Approval Security:  This API takes a user address and reports all authorization data related to it, indicating what approvals have been made with the assumption the owner of the address has approved them.  This can quickly identify unauthorized and fraudulent behavior.  

  • dApp Security:  This API provides security data along with risk assessment for a given dApp, helping to identify potential dApps that should be avoided.

Top Proactive Ecosystems 

Another key insight was identifying the key ecosystems that are utilizing this security API data in order to better protect the members of their communities. BNB Chain emerged as the most prominent user of GoPlus APIs, having queried more than 92.7 million times during the research period. This reflects Binance’s laudable achievement in fostering a large community that is united in its determination to identify and proactively mitigate security risks such as token vulnerabilities and scams.  Ethereum was the second-most popular chain to leverage GoPlus, with users querying its APIs 84 million times, highlighting both the extent of its user base and its vigilance against vulnerabilities and scams. Polygon also stood out with almost 9.8 million queries during the period. This high level of adoption in the much smaller Polygon community illustrates the strong emphasis it places on scaling security solutions for the Web3 industry. 

Keeping Vigilant 

The threats to successful industries like Web3 aren’t going away anytime soon.  Web3 companies have the responsibility to protect themselves and their communities.  Knowledge truly is power when it can inform and help prevent interacting with dangerous tokens, NFTs, addresses, or other elements that can cause harm.  The GoPlus report shows that there is a strong trend of companies working more and more to protect themselves, utilizing services like GoPlus API security data.  Hopefully this trend will only go up, keeping Web3 communities better equipped, more proactive, and safer for everyone.

Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.