
Security Special 06 | OKX Web3 & GoPlus: On-chain Security Monitoring and Post-Incident Response
TechFlow Selected TechFlow Selected

Security Special 06 | OKX Web3 & GoPlus: On-chain Security Monitoring and Post-Incident Response
Inviting the emerging blockchain security team GoPlus to share practical guidelines on on-chain security monitoring and post-incident emergency response, for learning and交流 purposes only.
Introduction
OKX Web3 Wallet has specially launched the "Security Special Edition" series, offering targeted solutions for various types of on-chain security issues. By analyzing real-life user cases and collaborating with experts or institutions in the security field, we provide dual-perspective insights and answers, gradually organizing and summarizing secure transaction rules. Our goal is to strengthen user security education and help users learn how to protect their private keys and wallet assets from the ground up.
On-chain security is like an endless game of hide-and-seek
Users must always keep their assets hidden and maintain strong defenses
Even if "caught by hackers," stay calm and learn how to respond quickly
In previous editions, starting from real user cases, we spent significant space covering risk identification and security protection—ranging from private key safety, MEME trading security, airdrop farming risks, device security, and DeFi interaction safety—offering comprehensive coverage.
As the saying goes, it's never too late to mend the fence after losing sheep. This is the 06th edition of our Security Special Series. We are honored to invite GoPlus, a rising star in blockchain security, to share practical guidance on on-chain monitoring and post-incident emergency response. This content is for educational and informational purposes only.

GoPlus Security Team: Thank you for the invitation. We are committed to building a Web3 user security network, focusing on providing permissionless access to security data and end-user services. Technically, GoPlus integrates advanced AI modules and currently serves over 10,000 partners, with daily calls for user security data exceeding 21 million, supporting more than 20 public blockchains.
OKX Web3 Wallet Security Team: Hello everyone, we're thrilled to participate in this session. The OKX Web3 Security team is primarily responsible for developing various security capabilities within OKX’s Web3 ecosystem, including smart contract security audits, wallet security enhancements, and on-chain project monitoring. We aim to provide users with multi-layered protection—product security, fund safety, transaction security—and contribute to safeguarding the broader blockchain security ecosystem.
Share some real user cases where on-chain security measures successfully prevented or mitigated losses
GoPlus Security Team: There are many such cases; here are two examples.
Case One: A user from the GoPlus community reported that their EVM address was attacked using a token poisoning technique. Hackers sent small amounts of tokens to the target wallet, forging addresses with matching first five and last three characters to trick users into believing they were sending funds to familiar addresses. However, thanks to on-chain protection and monitoring services, potential losses exceeding $20K were successfully avoided.
Here’s what happened: During an Ethereum transfer, the security monitoring and interception service played a critical role. The system detected a suspicious poisoned address sending tokens to the user’s wallet and automatically blacklisted it. At this point, the user was unaware but had already initiated a fund transfer to the forged address. Fortunately, the user had enabled a secure RPC service in their wallet. After the transaction was submitted, the interception service immediately intervened and blocked the transaction. An automatic alert notified the user that the destination address did not match their usual ones and posed a potential risk.
Upon receiving the notification, the user paused the transfer and used verification tools to check the address, confirming it as a known poisoned address. System records showed this address had been linked to multiple fraudulent activities in recent days. The user promptly canceled the transaction, avoiding transferring funds to the hacker-controlled wallet. Afterwards, the user cleaned up their frequently used address list, removing all unknown entries to prevent future incidents.
Case Two: Successfully recovering assets via front-running during an on-chain attack
Another one of our users discovered their EVM private key had been compromised. All ETH had already been transferred out, and the hacker had set up monitoring and automated scripts ensuring any ETH sent back as gas would be instantly swept away. Ultimately, by leveraging front-running services, the user successfully preempted the hacker and transferred remaining NFTs and tokens to a new secure address.
With our assistance, the user utilized front-running technology to recover assets. Using a high-priority transaction strategy, combined with real-time monitoring and increased gas fees, we ensured these transactions were mined before the hacker’s monitoring script could react. The user gradually moved NFTs and remaining tokens through multiple intermediate addresses, ultimately rescuing most of their assets and preventing over $10K in losses.
These two cases demonstrate that whether during or after an incident, timely use of proper tools and security services can significantly reduce financial loss and mitigate risks.
OKX Web3 Wallet Security Team: Due to phishing attacks and private key leaks experienced by users, we have provided extensive support to help them recover lost assets.
Case One: User A accidentally entered their private key on a phishing website, resulting in stolen Ethereum (ETH). Fortunately, other ERC20 tokens like USDC remained untouched. After reaching out for help, we conducted in-depth communication and mobilized our team to assist. By using Flashbots to bundle transactions, we simultaneously submitted both the gas payment and asset withdrawal in the same block, successfully recovering the remaining assets.
Case Two: While checking for airdrop eligibility, User B mistakenly visited a phishing site that prompted them to authorize a known risky address. OKX Web3 Wallet identified the address as blacklisted and successfully blocked the authorization request, preventing potential asset loss.
Case Three: Protocol C suffered an exploit, putting all wallets that authorized it at risk. The OKX Web3 Wallet Security Team responded swiftly by marking the vulnerable contract as high-risk, triggering warnings whenever users attempted to re-authorize it—effectively minimizing further damage.
These cases show that users should not only update emergency responses against phishing and protocol exploits but also leverage security tools and seek professional help when needed. Most importantly, users must start with themselves—learning how to protect their wallets and digital assets.
How can users better understand and manage their wallet's security status?
GoPlus Security Team: To better understand and manage wallet security, users can take the following detailed steps.
One: Regularly review authorizations
1. Use Authorization Management Tools
• Leverage dedicated tools: Use common authorization management tools to regularly audit approved smart contracts. These tools can list all authorized contracts and flag those infrequently used or potentially risky.
• Risk assessment: Evaluate each contract’s code safety and historical behavior through these tools to identify red flags.
2. Revoke Unnecessary Authorizations:
• Easy revocation: Through these tools, users can conveniently revoke unused contract permissions—reducing exposure to potential threats and preventing malicious contracts from exploiting existing authorizations.
• Routine maintenance: Regularly clean up your authorization list to keep it minimal and secure, ensuring only essential dApps retain access.
Two: Wallet Monitoring
1. Use Monitoring Tools
• Real-time alerts: Utilize wallet monitoring tools like Etherscan’s watchlist or GoPlus’s security dashboard to monitor wallet activity in real time. Users will receive immediate notifications upon unauthorized changes, suspicious transactions, poisoning attempts, or other security events.
• Detailed logs: These tools typically offer comprehensive reports and logs tracking every wallet action, enabling users to review and analyze behaviors effectively.
2. Custom Alerts
• Set alert parameters: Configure custom alerts based on transaction amount, frequency, etc. Examples include large transfers, frequent interactions, or authorization modifications.
• Prompt response: Once triggered, act immediately—review and intervene to prevent further loss. Alerts can be delivered via email, SMS, or in-app notifications.
Three: Additional Security Measures
1. Regular Backup and Recovery
• Secure backups: Regularly back up your private keys and seed phrases, storing them securely across multiple locations—such as offline devices, encrypted USB drives, or paper copies. Ensure no unauthorized person can access them.
• Test recovery: Periodically test the wallet restoration process to ensure you can quickly and fully recover access when needed—including importing keys, restoring functionality, and verifying usability.
2. Use Hardware Wallets
• Enhanced security: Store large holdings in hardware wallets, which offer superior protection since private keys never leave the device, shielding them from theft.
• Firmware updates: Keep your hardware wallet firmware updated—manufacturers regularly release patches to counter emerging threats.
OKX Web3 Wallet Security Team: Typically, users can enhance wallet security management through several approaches:
1. Use Wallet Security Tools
Many wallets and security tools help users manage permissions and improve safety:
1) Common browser wallet extensions allow users to manage DApp permissions—view and revoke authorizations, periodically review connected sites, and deauthorize unnecessary ones.
2) Use websites that scan and revoke wallet authorizations. Connect your wallet to view all authorized smart contracts and selectively revoke unneeded permissions.
2. Regularly Review Wallet Authorizations
Regularly audit your wallet’s authorization status to eliminate excess or suspicious grants:
1) Connect to Revoke.cash or similar platforms.
2) Review the full list of authorized smart contracts.
3) Revoke authorizations for unused or suspicious DApps.
4) Always keep your wallet software updated to benefit from the latest security patches.
3. Strengthen Personal Security Awareness
1) Beware of phishing: Avoid clicking unknown links or downloading suspicious files.
2) Use strong passwords and two-factor authentication (2FA): Set robust passwords for your wallet accounts and enable 2FA for added security.
How can users detect on-chain security incidents and protect their assets promptly?
GoPlus Security Team: Users should learn to monitor transactions in real time and block malicious on-chain activity proactively.
Why is real-time monitoring important? It is crucial for protecting user assets. As more hackers and scam groups engage in on-chain fraud, identifying hidden risks in transactions becomes increasingly difficult. Many users lack the technical knowledge and skills to fully understand and defend against these threats. Real-time monitoring helps users quickly spot anomalies—such as unauthorized transactions, large transfers, or unusual activity—and take swift action to prevent losses. Moreover, it detects and blocks malicious actions like phishing, hacking, and smart contract exploits, thereby securing user funds. When a security incident occurs, real-time alerts notify users instantly so they can freeze accounts, cancel authorizations, or report the event—minimizing damage. By providing transparency, real-time monitoring also enhances trust in wallets and platforms, allowing users to constantly monitor transaction and authorization statuses, improving overall experience.
To achieve real-time monitoring and block malicious transactions, users can adopt the following measures:
First, implement monitoring and response systems. Set up customizable transaction alerts based on amount, frequency, etc., and receive instant notifications via email, SMS, or in-app messages. This allows precise oversight of wallet activity and triggers immediate warnings upon detecting suspicious behavior, enabling rapid intervention before losses escalate.
Second, utilize blockchain analytics tools. Platforms like public chain explorers allow users to track wallet transaction history and analyze patterns and counterparties. These tools provide deep data insights to help identify risky transactions and take preventive action. They also aid in tracing fund flows and detecting possible fraud.
Additionally, seamless risk control protection greatly improves user safety experience. Secure RPC or secure wallet products offer invisible protection by analyzing user transaction behavior and environment in the background, automatically identifying and assessing potential threats. This mechanism operates without complex user input, reducing operational burden. For example, advanced secure RPC services analyze the risk level of each transaction and intelligently block dangerous ones. Users simply bind their wallet to the monitoring and blocking service—the system then protects their assets autonomously.
Combining these methods enables comprehensive real-time monitoring of on-chain transactions, effectively blocking malicious activity and safeguarding assets. With seamless risk control, real-time monitoring, and intelligent blocking, users enjoy a safer and more convenient environment for on-chain transactions. Whether casual users or professional investors, these technologies offer strong protection, giving greater peace of mind when participating in the blockchain ecosystem.
Real-time monitoring not only helps combat current threats but also strengthens preparedness against future risks. As blockchain technology evolves and use cases expand, security challenges become more complex and diverse. By continuously learning and adopting the latest security tools, users remain vigilant against new threats and can adapt and optimize their defense strategies accordingly. Ultimately, real-time monitoring, intelligent blocking, and seamless risk control will become indispensable tools for safe on-chain trading—protecting users’ digital assets.
OKX Web3 Wallet Security Team: On-chain security incidents occur frequently. Users need to know how to detect these events early and protect their assets. Below are specific methods and tools to help enhance threat awareness and take protective actions.
1. Follow Blockchain Security Firms on Twitter
• Monitor official channels: Follow verified blockchain security companies on Twitter to stay updated on the latest threats and attack vectors.
• Track evolving tactics: Pay special attention to newly discovered attack patterns targeting similar protocols, helping avoid investment exposure due to shared vulnerabilities.
2. Use On-Chain Monitoring Tools
• Real-time monitoring: Use tools like OKLink’s balance tracker to monitor TVL (Total Value Locked) fluctuations, or leverage security vendors’ protocol monitoring dashboards to get instant alerts about suspicious activity.
3. Monitor Project Compensation Updates
• Watch for compensation plans: After major exploits, affected projects may issue compensation to users.
• Track announcements: Check official websites, social media, and project channels for details on recovery programs.
• Report losses: Affected users should submit claims promptly according to project guidelines.
4. Revoke Access to Vulnerable Contracts
• Use Revoke.cash: Employ tools to detect and revoke authorizations to exploited contracts, preventing secondary theft.
How can users avoid becoming targets of phishing attacks during on-chain transactions?
GoPlus Security Team: To avoid falling victim to phishing attacks during on-chain transactions, users should strengthen defenses in the following areas.
Key precautions include:
One: Verify Sources
• Official channels only: Never click on suspicious links, especially direct messages on Email, Twitter, or Discord. Always perform transactions and logins via official websites or dApps. Bookmark trusted sites to avoid fake versions. You can also verify authenticity by checking if reputable accounts follow the project on Twitter.
• Inspect URLs carefully: Double-check website addresses for correct spelling and HTTPS certificates. Phishing sites often mimic real domains with subtle typos.
Two: Use Secure Browser Extensions
• Install trusted plugins: Use security browser extensions with features like transaction simulation and phishing detection. These tools actively scan visited sites against known phishing databases and issue warnings when risks are detected. Some even simulate transaction outcomes to warn users in advance.
• Keep updated: Ensure all browser extensions and security software are up-to-date to defend against the latest phishing techniques.
Three: Enhance Vigilance and Recognition Skills
• Be cautious with emails/messages: Stay alert to any message requesting personal information, passwords, seed phrases, or private keys. Legitimate services never ask for these via email or chat.
• Check sender details: Even if a message appears to come from a known source, verify the sender’s email address closely. Attackers often spoof legitimate senders using slight misspellings or fake domains.
Four: Fund Management
• Multi-wallet strategy: Distribute assets across multiple wallets instead of concentrating everything in one. This way, even if one wallet is compromised, others remain protected.
• Combine cold and hot wallets: Store most assets in offline cold wallets and only keep small amounts in online hot wallets for daily use. Cold wallets offer higher security as they are not internet-connected.
• Routine checks: Regularly audit wallet security and transaction logs, revoke unnecessary authorizations, and address anomalies promptly.
OKX Web3 Wallet Security Team: As the on-chain ecosystem grows, user interactions increase—making stronger security awareness essential. Adopt multiple safeguards to reduce the risk of becoming a phishing target and protect wallet and asset integrity.
1. Verify Websites and Addresses: Before entering private keys or conducting transactions, confirm the website URL is accurate—especially when arriving via email or social media links. For blockchain addresses, use trusted services like OKLink Explorer to validate legitimacy.
2. Use Hardware Wallets: Hardware wallets add an extra layer of security. Even if your computer is infected or you visit a phishing site, the private key remains inside the device.
3. Avoid Blind Authorization: When approving smart contracts, verify the contract’s content and origin. Only authorize trusted or thoroughly vetted projects with strong community reviews.
4. Leverage Security Tools and Services: Install anti-phishing and malware protection tools such as browser extensions—they help detect and block access to known malicious sites.
5. Stay Alert: Be wary of urgent requests asking for private keys or immediate fund transfers. Attackers often exploit panic or impatience to manipulate decisions.
6. Improve Personal Security Knowledge: Continuously update your understanding of security—follow the latest phishing tactics and blockchain security trends. Consider taking online courses or reading security guides.
How can users avoid investing in scam projects during on-chain transactions?
GoPlus Security Team: First, understand what scam tokens are. Scam tokens are cryptocurrencies created by bad actors whose sole purpose is to execute rug pulls. These tokens are designed to steal investor funds and lack real utility or value. After purchase, victims often find they cannot sell—or suffer massive losses due to hidden restrictions. Common red flags include locked selling functions, transaction cooldowns, hidden fees, or deceptive mechanisms. Here’s how users can avoid buying scam tokens.
1. Verify Contract Address:
• Cross-check info: Before purchasing a token, confirm its smart contract address matches the one provided officially—via website, whitepaper, or verified social media.
• Review code: If technically capable, examine the token’s smart contract code for suspicious logic. Otherwise, rely on trusted audit tools or services.
• Use blockchain explorers: Check token details via explorers—holder distribution, transaction history—to identify obvious risk signals.
2. Use Trusted Tools:
• Token risk scanners: Use reliable tools to scan for malicious code. These detect common scam traits like untradable tokens or hidden fees.
• Contract analysis platforms: Use blockchain analytics platforms to study transaction history and contract code. Watch out for tokens heavily concentrated in few hands.
• Automated monitoring: Use tools that continuously scan new tokens and flag suspicious characteristics, helping avoid scams early.
3. Community and Reputation:
• Social feedback: Check community sentiment on Twitter, Reddit, and other forums. Avoid tokens repeatedly flagged as scams.
• Transparency: Assess project transparency—team background, technical whitepaper, development roadmap. Legitimate projects usually disclose detailed information.
• Join discussions: Participate in community chats to learn about project progress and real user experiences, helping assess credibility.
4. Small Test Transactions:
• Trial buys: Make small test purchases before large investments. Confirm buying and selling work properly—avoid “Ponzi coins” that trap funds.
• Monitor fees: Pay attention to gas costs and slippage during tests—watch for unusually high or hidden charges.
• Observe market reaction: After testing, observe trading volume and price stability to gauge normal market behavior.
5. Beware of High Returns:
• Unrealistic promises: Be skeptical of tokens promising huge returns or quick profits. Scammers exploit greed with unrealistic rewards.
• Recognize red flags: High returns mean high risk. Stay extremely cautious around claims of “guaranteed profits.”
• Seek expert advice: Consult professionals before investing—get objective risk assessments.
6. Invest Rationally:
• Stay calm and cautious: Don’t chase short-term gains. Conduct thorough research and risk evaluation. Investment decisions should be based on rational analysis—not emotion.
• Diversify holdings: Never put all funds into a single token or project. Spreading investments reduces overall risk—even if one fails, the impact is limited.
OKX Web3 Wallet Security Team: Rug pulls remain common—users must stay vigilant. For example:
1. Research project background: Before buying any token, conduct deep research—vision, team, whitepaper, roadmap. Explore community discussions to hear others’ opinions.
2. Spot warning signs: Red flags may indicate scams—anonymous teams, exaggerated promises, lack of transparency. If anything feels off, proceed with caution.
3. Use token scanning tools: OKX Web3 Wallet offers built-in token scanning that analyzes contract code, on-chain behavior, and community feedback—helping detect potential fraud.
4. Audit contracts: On Ethereum or other smart contract platforms, you can inspect token contract code. Scrutinize for suspicious logic or closed-source code—proceed with extreme caution.
5. Stay skeptical: Don’t blindly trust recommendations from strangers or mass-posted promotions in groups. If a project sounds too good to be true, question it and stay rational.
How can users protect against MEV attacks and avoid financial loss?
GoPlus Security Team: To prevent losses from MEV (Miner Extractable Value) attacks, users can take the following steps:
1. Use Specialized Tools
• Enable anti-MEV features: Activate anti-MEV functions in your wallet or use specialized plugins/tools that detect and avoid potential MEV exploitation.
• Transaction protection services: Some platforms offer protection by batching or obfuscating transactions to lower MEV risk—especially useful for large trades.
2. Spread Out Transaction Timing:
• Avoid peak hours: Steer clear of high-volume periods when MEV activity spikes—such as times of high volatility or major news releases. Opt for low-traffic windows to reduce exposure.
• Schedule trades: Use scheduled execution to split large trades across different times, minimizing vulnerability to MEV.
3. Leverage Privacy Technologies:
• Private nodes: Send transactions via privacy-focused relays like Flashbots, which route directly to miners, bypassing public mempools and reducing MEV risk. Note: confirmation may be slightly delayed.
• Obfuscated transactions: Split and mix transactions into smaller parts to increase stealth and lower attack likelihood.
4. Diversify Strategies:
• Spread transactions: Avoid clustering all activity at once or on one platform—distribute risk and reduce predictability.
• Use multiple platforms: Trade across various exchanges and tools to avoid concentration and reduce targeting risk.
5. Choose Pools with Strong Liquidity:
• High-LP pools: Prefer trading pairs with deep liquidity and abundant LPs to minimize slippage and MEV manipulation.
• Check depth: Before trading, examine pool depth and liquidity to ensure smooth execution without drastic price swings.
6. Set Reasonable Slippage Tolerance:
• Slippage protection: Configure appropriate slippage settings to prevent excessive deviation. Too high increases MEV risk; too low risks failed transactions. Adjust dynamically based on market conditions.
7. Continuously Monitor and Adapt:
• Track transactions: Monitor your trading activity to detect and respond to MEV threats early.
• Update strategy: Based on monitoring results and market shifts, refine your approach to maintain optimal protection.
OKX Web3 Wallet Security Team: We’ve distilled key points including:
1. Monitor depth and set slippage: Break large trades into smaller chunks, execute gradually, and apply slippage protection to reduce attack surface.
2. Use privacy-preserving nodes: Choose RPC endpoints with privacy features, such as Flashbots' private RPC, to prevent transaction exposure.
3. Use trusted wallets and apps: Stick to reputable wallets and applications offering MEV protection (e.g., OKX Wallet’s native DApp), and avoid unknown or unverified services.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News










