Understanding GoPlus: A Comprehensive Overview

Key Insights

• GoPlus provides a comprehensive security layer for Web3. Its suite of products (i.e., GoPlus Security Intelligence, SecWare Protocol, SafeToken Protocol, and GoPlus App) allows developers and users to configure personalized security settings, monitor suspicious activities, and access real-time risk assessments.
• Unique features of GoPlus include SecScan for automated token analysis, Mufuzz for AI-driven fuzz testing of smart contracts, and specialized research methodologies for phishing site and address detection.
• GoPlus’s daily ecosystem profit peaked on May 1, 2024 ($121,915), followed by smaller spikes on July 10, 2024 ($121,054), and Sept. 4, 2024 ($120,306). Profit is currently driven by the monthly subscription model priced at $9.90 per user, but the team plans to transition to a gas fee-based model in the coming months.
• GoPlus's daily API and request volume increased by ~1605.66% and ~64.85%, respectively, year-to-date as of June 5, 2024 – driven by various ecosystem partnerships (i.e., DexScreener, DexTool, CoinMarketCap, and CoinGecko).

Introduction

In 2023, Web3 users lost over $1.70 billion to hacking, phishing, and scams – highlighting gaps in security infrastructure and user education for decentralized platforms. Unlike Web2 environments with operating system-level protections, Web3 lacks comprehensive security frameworks, exposing users to threats that can result in irreversible losses.

GoPlus addresses these vulnerabilities with a decentralized, user-driven network serving as a dedicated Web3 security layer. Built with a Security Data Layer to aggregate and verify network-wide data and a Security Compute Layer for real-time threat computation and detection, GoPlus provides a comprehensive suite of products for onchain risk assessment. Technologies such as their SecScan conduct rapid token analysis, while the modular User Security Module (USM) integrates across wallets and decentralized applications for customized security settings. Building on this, GoPlus Security Intelligence uses APIs, SDKs, and SecNet to analyze various transactions and deliver comprehensive risk assessments. Lastly, through the GoPlus App and SecWare Protocol, the ecosystem actively encourages developers to contribute reliable security tools and services.

Background

GoPlus, founded in 2020, is a platform that enhances security and transparency in the Web3 ecosystem. They provide a comprehensive security infrastructure through their suite of products, including (i) SecWare Protocol – a developer marketplace where security services (e.g., anti-scam, anti-phishing) can be created and accessed by users through personalized SecHubs; (ii) SafeToken Protocol – a SafeToken Factory for templates of secure token contracts and a Liquidity Locker with customizable lock periods, diverse fee models, and liquidity reward collection options for teams; (iii) GoPlus App – an all-in-one platform, allowing users to configure security settings and monitor suspicious activities through various features (e.g., Wallet Activity Monitoring, Token and NFT Risk Detection); and (iv) GoPlus Security Intelligence, SDKs, and APIs – developer tools, providing secure communication with blockchain nodes, and documentation for integrating GoPlus’s security features into decentralized applications and wallets.

Since its inception, GoPlus has raised $25 million across four funding rounds from investors, including Binance Labs, OKX Ventures, Hashkey Capital, Fenbushi Capital, and Quantstamp, among others. The leadership team is composed of Mike L. (Founder) and Eskil X. (Co-Founder), both serial entrepreneurs; Allen Z. (Global Tech Lead), a former security R&D product lead at Ant Group; Patrick V. (Global Marketing and PR Lead), former marketing and community at Gate.io, BNB Chain, and TON Foundation; and Atakan Y. (Global Partnership Lead), who previously consulted with projects across Turkey and the MENA region.

Technology

GoPlus relies on two fundamental layers (i.e., Security Data Layer and Security Compute Layer) that ingest, verify, and process security data – forming the backbone of its offerings and features.

Security Data Layer

The Security Data Layer collects, verifies, and manages Web3 security data. It is structured into two parts: (i) data contributors and (ii) the data verification process, which is described in detail below.

Data Contributors

GoPlus’s Security Data Layer contributors include end-users, security researchers, third-party security firms, and specialized entities incentivized through recognition and token rewards. The layer encompasses multiple types of risk data, including:

• Token security data, which is used to analyze token contracts for risks and includes an open-source Token Risk Classification (TRC) framework that flags malicious token smart contract code;
• Malicious address data, which tracks addresses linked to fraudulent activities;
• NFT security data, including contract integrity and ownership distribution;
• Approval risk data, which focuses on identifying contracts requiring user authorization;
• Decentralized application security data, which compiles audit reports and known vulnerabilities; and
• Phishing site data, which catalogs known phishing websites.

Data Verification

To maintain data integrity, the Security Data Layer utilizes a two-tiered verification process that includes (i) primary verification, which uses auditors, trusted third-party nodes, and automated computational methods (SecScan) to verify contributions, and (ii) secondary verification, where in cases of disputes, the data is re-evaluated by external security teams and impartial institutional arbitrators.

Once data has been collected and verified, it becomes available for advanced security computation tasks within the Security Compute Layer. These tasks include processing through the AI analysis engine, static analysis engine, transaction simulation, and mu-fuzzing — all of which leverage the verified data to detect threats and provide real-time security assessments.

Security Compute Layer

The Security Compute Layer performs distributed security computations and validations across multiple nodes, using verified data from the Security Data Layer to identify potential threats in future interactions. The system can be broken down into three main components:

• User Security Module (USM) integrates with blockchains, sequencers, Remote Procedure Calls (RPCs), and wallets, intercepting transactions identified as “risky” by the operator nodes.
• SecWare AVS is a network of operator nodes that execute security tasks (e.g., transaction simulation, wallet drainer detection, and malicious address or signature detection) assigned by the User Security Module (USM). Each security service is deployed as a separate Docker image. To participate, operators must register with the AVS Service Manager and adhere to defined registration rules (to be specified by the GoPlus team).
• AVS Manager oversees SecWare AVS's operational framework by managing operator registration, task result validation, and performance-based rewards or penalties (e.g., slashing).

The above components simplify real-time threat detection and analysis through GoPlus’s Autonomous Validation Services (AVS) architecture. Below is an overview of their operations:

• The USM intercepts transactions at the RPC, blockchain, or wallet level, receiving security requests from these integrated systems to evaluate the transaction’s safety.
• The USM forwards these security requests through its fanout service, distributing tasks to SecWare AVS Operators for analysis based on the type of security check needed and operator qualifications.
• Operators call the interface of the designated SecWare Docker image to perform the assigned security task (e.g., transaction simulation and malicious address detection).
• Operators submit their results to a decentralized storage system.
• The Bookkeeper periodically gathers the task results from decentralized storage and consolidates them for validation.
• The AVS Service Manager Contract validates the aggregated results, ensuring they meet accuracy and compliance standards.
• The Bookkeeper calculates the final incentives or slashing operations based on operator performance.
• Based on the validated results, the AVS Service Manager Contract distributes token incentives for high-performing operators or applies slashes to those failing to meet performance standards.
• With the validated results from SecWare AVS Operators, the USM determines whether the intercepted transaction is safe to proceed or should be blocked through the onchain firewall feature - displaying this to the end user on the frontend.

Putting It All TogetherFull Architecture

In the diagram above, end-users configure their security settings and select specific security services through SecHub, located in the GoPlus App, which acts as their personal security center. The User Security Module (USM) intercepts and assesses user transactions for potential risks, integrating with RPCs, blockchains, and Risk-as-a-Service (RaaS) interfaces.

Within the SecWare ecosystem, various security tools and software (SecWare) — developed by contributors and registered through the SecWare Protocol — address specific threats.

The Security Data Layer and Security Compute Layer handle data storage, verification, and computation processes. The Security Data Layer manages data verification through nodes and engines, storing validated information on malicious addresses, risk assessments, and transaction patterns. The Security Compute Layer, powered by the GoPlus Security Engine and AVS Operators, executes distributed security tasks using Docker-based SecWare services on operator nodes. Together, these layers allow GoPlus to assess risks efficiently.

Unique Technology Features

• SecScan: An automated tool for detecting malicious behaviors in ERC-20 tokens, using a Graph Intermediate Representation (GIR) to capture data, control, and order dependencies. It identifies high-level token behaviors, like balance tracking, and detects issues, such as tax modifications, minting, and blacklisting, through a value flow engine and constraint solving. Large Language Models (LLMs) further enhance its efficiency.
• Fuzzing Testing with Mufuzz: A specialized AI-driven fuzz testing tool designed to uncover vulnerabilities in smart contracts before they can be exploited. It simulates various transaction sequences in smart contracts, prioritizing deeper and more complex conditions often missed by traditional methods. To learn more about the research methodology, the original academic paper can be read here.
• Phishing Site Detection: This framework detects phishing websites using a multi-layer attention mechanism, leveraging the CharBERT model to extract subword and character-level URL features. To learn more about the research methodology, the original academic paper can be read here.
• Phishing Address Detection: The Spatio-Temporal Fusion Network (STFN) identifies phishing activity on the Ethereum network by examining spatial and temporal transaction data. To learn more about the research methodology, the original academic paper can be read here.

With this infrastructure and unique technology, GoPlus offers a suite of products, including:

• GoPlus Security Intelligence: This product encompasses APIs, SDKs, and SecNet to provide comprehensive security solutions. APIs provide a set of endpoints to retrieve data or trigger specific functions within GoPlus’s services. SDKs offer a full suite of tools, libraries, and documentation for developers to integrate GoPlus’s security features into applications. RPCs combined with SecNet allow decentralized applications to interact securely with blockchain (i.e., Ethereum and BNB Chain) nodes while routing requests through GoPlus’s security layer.
• SecWare Protocol: Acts as a marketplace where developers create onchain representations of security services (e.g., anti-scam and anti-phishing tools) by staking and registering with the protocol. These services are then made available to end-users when they create a personal security center instance (SecHub) on the blockchain to manage their security strategies and interact with SecWares.
• GoPlus SafeToken Protocol: Consists of (i) a SafeToken Factory, which provides standardized open-source token contract templates for developers, and (ii) a Liquidity Locker, which allows for customizable lock periods, collection of liquidity mining rewards, and offers diverse fee models to fit different project needs.
• GoPlus App(Formerly SecWareX): A centralized platform where users can access various security tools and services. Users can configure and manage their security features through SecHub. It also includes a Security Quest Center, where users can complete security-related tasks to learn about threats and earn rewards. Key features of SecHub within the GoPlus App include:
  • Wallet Activity Monitoring: Provides users real-time notifications for suspicious activities on BNB Chain and Ethereum.
  • Token and NFT Risk Detection: Detects honeypot scams for tokens and identifies fake NFTs, helping users avoid fraudulent assets.
  • Approval Management: Identifies potential risks in approved contracts for tokens and NFTs.
  • Analyze and Recover Stolen Assets: Analyzes the cause of theft, tracks stolen assets, and provides users with a comprehensive view of asset flow.

GoPlus TokenToken Functions

According to the whitepaper, the GPS token will power the GoPlus ecosystem and serve several purposes, including:

• Covering gas fees for GoPlus services (i.e., onchain firewall and different Secwares);
• Staking by security data providers to contribute verified data and earn rewards;
• Supporting AVS Operators who complete computation tasks with rewards based on performance; and
• Revenue sharing for developers who create SecWare security services within the ecosystem.

The GoPlus team has yet to release information regarding tokenomics and/or governance.

Here is how the different stakeholders (i.e., Users, Data Providers, AVS Operators, and Secware Developers) operate in the GoPlus ecosystem:

• Users interact with GoPlus Network and pay a gas fee on every transaction for security protection. They can stake GPS to access SecWares, receive rewards, and delegate tokens to AVS Operators.
• Data Providers stake GPS to contribute verified security data (e.g., malicious addresses, vulnerabilities) through the Security Data Layer. They receive GPS rewards based on data quality and relevance.
• AVS Operators, who serve as the compute node contributors, provide the computational resources needed to execute security detection and process tasks within the network. They stake GPS or ETH to register as operators, using their own infrastructure to run SecWare services and support AVS tasks. Users can delegate tokens to AVS Operators, who, in turn, receive GPS rewards based on task completion and performance. They benefit from multiple revenue streams, including base Ethereum staking rewards, additional staking rewards through the EigenLayer framework, and extra fees from SecWare AVS rewards.
• SecWare Developers create SecWare security services by staking GPS in the SecWare Protocol. They earn a portion of the gas fee based on the usage and quality of their services, with all profits allocated through a Revenue Pool. A staking and slashing mechanism ensures service quality; developers who fail to meet standards or engage in malicious behavior risk losing a portion of their staked tokens.

State of the GoPlus Ecosystem

Key projects that highlight the variety of benefits GoPlus provides include:

• KyberSwap: A multichain aggregator that integrated GoPlus's Token Security API into their platform, joining other GoPlus DeFi partners (e.g., Sushi).
• DexTools: A decentralized crypto data aggregator that integrated multiple GoPlus APIs, including Token Security, Malicious Address, and NFT Security.
• Linea: An Ethereum Layer-2 that integrated GoPlus’s suite of solutions within their mainnet alpha.
• BitLayer Labs: A Bitcoin Layer-2 that partnered with GoPlus to embed its Token SecurityDetection API within the platform.

Notably, GoPlus does not have direct partnerships with the abovementioned L1s and L2s; instead, it offers security services to the users and decentralized applications operating on these blockchains.

Recent partnerships and integrations include:

• Nov. 25, 2024: GoPlus launched a new API providing token security analysis for the Sui blockchain.
• Nov. 1, 2024: GMGN - A memecoin trading tool integrated GoPlus's Token Security Detection API directly within their ecosystem.
• Oct. 31, 2024: Flap - A one-click launch and trading platform driven by bonding curves integrated with GoPlus’s offerings.
• Oct. 30, 2024: iSafePal - A cold storage crypto wallet provider integrated GoPlus’s Solana Token Security API.
• Oct. 28, 2024: We.rich and Four.meme – Memecoin launchpads that have integrated GoPlus's SafeToken Protocol.

On May 1, 2024, GoPlus’s daily ecosystem profit – currently calculated as a monthly subscription model priced at $9.90 per user – peaked at $121,915. This was followed by lower spikes on July 10, 2024 ($121,054) and Sept. 4, 2024 ($120,306). A commercially reasonable search found no direct qualitative events that could have driven these numbers; however, the GoPlus team suggested that promotions from prominent influencers in the Web3 space might have influenced the peaks.

Overall, daily profit grew ~32.32% from Q1 to Q2, increasing from $8,544 to $11,305. However, this upward trend was followed by a ~93.26% decline from Q2 to Q3, with profits dropping to $762. Notably, the team has mentioned that they plan to transition to a gas fee-based model in the coming months.

GoPlus’s daily API and request volume increased ~1605.66% and ~64.85%, respectively, year to date as of June 5, 2024, based on data available as of October 30, 2024. Other metrics (e.g., Number of SecHubs Created, Daily Request Token, and Daily New IP Count) can be found on their public Dune dashboard.

Roadmap

In Q2 and Q3 2024, GoPlus achieved all planned releases on their roadmap, including:

• GoPlus SecNet (Security RPC Services): Real-time onchain risk control on Ethereum and BNB Chain for users of the GoPlus App (formerly SecWareX).
• SecHub: Launch of a Personal Security Center for customizable security preferences.
• GoPlus Safetoken Protocol: Launch of (i) open-source secure token contracts and (ii) liquidity management solutions for developers and teams.
• GoPlus Security AVS (Test Version): Decentralized security computing architecture using Eigenlayer.
• USM SDK: Open integration for security across various RPCs, wallets, and sequencers.
• Solana Support: Transaction risk detection capabilities via API for Solana users, applications, and wallets.

Looking forward, GoPlus has the following planned for Q4 2024 and 2025:

Q4 2024

• Compute Layer Release: Allow operators to register and join based on the Eigenlayer AVS architecture.
• Implement Security Gas Service Model: The GPS token, or Energy Block – essentially a pre-token generation event (TGE) reward – will be utilized to access security services for onchain transactions.
• Security Data Layer Test Version Release: Allow users to contribute security data to the network by staking GPS.

2025

• Security Data Layer Official Full Release
• SecWare Developer Platform Launch: Allow developers to independently build, deploy, and publish SecWare applications.
• Expand Network Support: For enhanced multichain ecosystem compatibility.

Closing Summary

GoPlus provides a decentralized, user-driven security layer for Web3, addressing critical vulnerabilities in tokens, decentralized applications, and transaction safety. Powered by its Security Data Layer for verified network-wide data aggregation and a Security Compute Layer for real-time threat computation, GoPlus uses unique tools like SecScan for rapid token analysis and a modular User Security Module (USM) for integration across multiple wallets and decentralized applications.

The GoPlus ecosystem supports a growing array of partnerships and integrations, demonstrated by a rise in daily API and request volumes. Looking forward, GoPlus plans to release its full Security Data Layer, expand multichain compatibility, and empower developers through the SecWare platform, displaying the project’s commitment to building a safer, more robust Web3 ecosystem.