GoPlus Security Data Reveals a Web3 Under Siege
GoPlus Security stopped 2.3 million scam transactions in April of 2026. The figure deserves attention. That number was calculated from the protocol's security layer, which means over 717 million API calls processed monthly, across 40+ blockchains where threats were found. Then add $45.8 million in user savings from hacks along with vulnerabilities discovered across 30+ projects in the ecosystem. A picture starts to become pretty clear. The infrastructure underlying crypto wallets most users know and rely on (think MetaMask, Trust Wallet, Uniswap) is literally under attack every single day. The conversation isn't whether attacks are happening on GoPlus products. What the prevalence of these attacks means for on-chain security as a whole in 2026 is the open question.
What Hundreds of Millions of Monthly API Calls Catch
Volumes matter too. The GoPlus Intelligence Token Security API is averaging 717 million calls per month across its endpoints in 2025. It hit a high-water mark of just shy of 1 billion calls in February 2025. That network added an AI Agent Security API to the stack in March 2026. That's a new category of threat feeding into that total just this year. Each API is designed to scale to tens of millions of calls. The number of SecHub deployments had surpassed 70,000 in late 2025 with 36 AVS operators staked in its validator set. A total of 1.1 million ETH was restaked across that set. Those are the networks that make up the 2.3 million. Each blocked transaction was analyzed for malicious address patterns, then went through token security analysis and transaction simulation before being blocked. The GoPlus Security token model even charges a nominal gas fee in GPS for each interaction with the secured ecosystem. Every transaction blocked is revenue generated for the protocol. Actual take to date (October 2025): $4.7 million. $2.5 million (53%) of that was generated by the GoPlus App, $1.7 million directly through the SafeToken Protocol. Point is: when you do the math on that ratio of API calls to actually blocked transactions, the interception rate is roughly 0.32% of all queries. It sounds insanely low until you realize those queries are in the hundreds of millions per month. That's millions of exploits prevented each month. And that ratio continues to grow.
Usage scale vs market valuation. Sources: GoPlus Q1 reports for protocol metrics; CoinGecko for GPS price and market cap.
Honeypots, Rug Pulls, and the Attack Types Dominating Today
None of these 2.3 million will fall cleanly into just one category. GoPlus' protections cover everything from honeypot contracts, unlimited minting bugs, phishing attacks and rug-pulls. GoPlus integrations on protocols like Uniswap and SafePal were specifically designed to detect honeypots and tokens that have been programmed with intentional protections against selling an asset once it's bought and unlimited minting vulnerabilities that allow whoever controls a contract to mint unlimited tokens and drain liquidity from a pool. GoPlus added a fourth category of detection in March of 2026 with SafuSkill Security Marketplace's launch on BNB Chain: malicious AI Agents "Skills." Skills are collections of code that can be plugged into autonomous agents to grant them new functions. GoPlus discovered that 21% of popular "Skills" contained high-risk code capable of serious attacks such as remote network access. 1 in 5 AI agent Skill modules across BNB Chain were found to harbor code-signatures associated with exploitations. This attack vector will expand far more quickly than many can foresee as users begin to leverage AI agents to trade DeFi and manage portfolios. One example of how new methods of development are creating new classes of vulnerabilities was seen with oracle price feed inconsistencies found in Moonwell in April of 2026. The team suspected a malicious actor was "vibe coded" with Claude Opus 4.6. Phishing attacks continue to be the highest volume category. GoPlus' browser extension update with EIP-7702 detection, auto Web3 contract address highlighting on X, and 1-click risk checks were meant to combat the influx of social engineering attacks that redirected users to approve malicious contracts. These aren't complex attacks. They're low effort scam attempts that rely on volume to succeed.
Static Audits Can't Keep Up With Real-Time Threats
Audits have been the industry standard for smart contract security for years now. Company audits code, writes report, contract gets deployed. Recent disclosures suggest that maybe that process isn't all it's cracked up to be. Released April 22nd, 2026, the AI Auditing Benchmark dataset is a curated dataset of 22 real-world smart contract exploits publicly observed between May 2025 and April 2026. Each of these exploits is contained within contracts that had previously passed audits before being exploited. A real-time security layer solves a fundamentally different problem than that of a pre-launch audit. Audits help catch code-level vulnerabilities. Behavioral monitoring aims to catch anomalous behavior: a token contract that has been running benignly for weeks suddenly has its owner call a hidden mint function, or a liquidity pool whose deposits and withdrawals follow behavioral patterns consistent with syphoning. GoPlus has elected to layer these two strategies together. Since the AI Auditing Benchmark dataset is meant to be used as a testbed for detection system evaluation, the live API will be reserved for transaction-level screening. Whether this becomes a recurring theme will reveal how markets price real-time security infrastructure. GPS coin trades at $0.007634, down 96.5% from its all-time high of $0.2198 in January 2025. Since the bottom of the cycle in December 2025, GPS has rallied 73.7%. Over the past week, GPS has appreciated 8.9%, outpacing the broader market's gain of 1.2%. Both usage and valuation tell different stories at this point. $4.7 million in revenue and a post-money valuation of $76.3 million creates a revenue multiple of about 16x. Nothing to write home about for an infrastructure protocol expected to achieve high growth, but with 4.29 billion tokens in circulation out of 10 billion max supply, there is a bit of a dilution overhang. 166.44 million GPS tokens will be unlocked on June 1, representing 1.7% of total supply.
The Security Crisis That Produced These Numbers
To put $4.0B in web3 security losses into perspective for 2025, this is the macro trend behind GoPlus's 2.3M-per-month interceptions. GoPlus protocol did not create the demand. The current ecosystem GoPlus is trying to solve for is one where scam contracts are being verified and pushed to mainnets faster than auditors can review lines of code. GoPlus front end integration partners and middleware pipeline shows the ecosystem working together to build collaborative solutions. By integrating into Binance, MetaMask, and Trust Wallet the solution is already reaching end users in the millions. Binance Labs, AltLayer, Footprint Analytics, and Phala Network partnerships hint at how detections will begin to feed into broader data analytics, decentralized tech, and TEEs. The Bithumb listing in February 2026 opened up retail into Korean markets and pumped security price 20% temporarily. Whether further upside follows now that Korean investors can buy the project remains to be seen. Another factor long term will be expansion into AI agent security. The Security API will give projects pay-as-you-go malicious address filtering, token security ratings, and rug-pull threat ratings. GoPlus does not issue API keys, by design enabling agent-like behavior in security decisions. Smart contracts can make automatic security decisions on transactions without a human in the loop. This becomes important as the AI agent population inside the crypto ecosystem grows as expected. Growth will appear not just in percentages of API calls and blocked transactions, but in multiples of the already substantial growth rate. Whether GPS price continues uptrend depends on whether market follows protocol traction. RSI sits at 60.32, currently in neutral. CoinGecko has GPS coin sentiment as bearish. CoinCodex independently ran a quantitative analysis on the coin and found 2026 to be bullish for it. Substantial user-level adoption continues with 717 million API calls per month while the token remains bearish. GoPlus is working while GPS struggles.
Reading the Numbers Against Web3's Security Model
First, this is not an attempt at answering whether GPS is a good investment thesis. Instead, the question is what to do when one protocol begins generating enough threat data to quantify the size of on-chain crime in near real-time. What happens when crypto GPS infrastructure is effectively acting as a Web3 fraud de facto surveillance system blocking 2.3 million scam transactions across 40+ chains in 30 days? When the dataset you're sitting on tells a story larger than any one protocol's revenue or token price. It's a story about an industry where 1 in 300 transactions filtered through security APIs contain at least one threat indicator. A story where AI agent modules are flagging 21% of all activity as high-risk. Where Oracle manipulation, phishing scams, honeypots, and rug pulls aren't dying down, but evolving to attack new surfaces: autonomous agents, vibe-coded contracts.
GoPlus ($4.7M revenue, $33.6M market cap) is a mid-cap infrastructure company with outsized importance in data. Built for security at the transaction layer (rather than at security audits pre-deployment), GPaaS is generating protective service metrics that no other protocol at scale can even compete with.
Whether or not the market will recognize and reward that reality through GPS is a question for another day. What is known is whether the product works. 2.3 million transactions blocked = product works. 96.5% below ATH = market hasn't decided what that's worth yet.
