GoPlus Token Security: How to Check If a Crypto Token Is a Scam (2026 Guide)
GoPlus is a free token-security API used by Uniswap, CoinMarketCap, Trust Wallet, and dozens of other crypto apps to flag malicious tokens before users buy them. The web interface at gopluslabs.io lets you paste any token's contract address and get a one-screen risk report: honeypot detection, owner privilege scan, fee modifiers, and 30+ other contract-level checks. For newbies who want to buy altcoins safely, running every token through GoPlus first is the single highest-leverage safety habit.
This guide explains what each GoPlus flag means, how to read the security score, what 'critical' vs 'risk' vs 'attention' classifications imply, and three real examples of token reports: a clean blue-chip, a borderline altcoin, and an actual honeypot. By the end you'll be able to evaluate any token in under 60 seconds.
Updated May 2026. Covers GoPlus's expanded 100+ chain support and new MEV-bot detection features.
What is GoPlus and why is it the standard?
GoPlus Security was founded in 2021 to solve a specific problem: crypto users had no easy way to know if a smart contract was malicious before interacting with it. Their API ingests every token contract on supported chains (Ethereum, BNB Chain, Polygon, Arbitrum, Base, Solana, and 100+ others), runs 30+ static analyses, and returns a structured risk report.
Today most major DEX aggregators (Uniswap, 1inch, Jupiter) call GoPlus before showing a token to users. The free web tool at gopluslabs.io/token-security gives you the same data directly, no API key needed. For Solana memecoins where new tokens launch hourly, GoPlus is often the difference between catching a 100× and getting drained.
How to run a GoPlus check in 30 seconds
The fastest way to vet any new token:
- Copy the token's contract address from DexScreener, DexTools, or wherever you spotted it. Always copy from a reliable source: many scams post fake contract addresses in Telegram and Twitter.
- Go to gopluslabs.io/token-security.
- Pick the correct chain from the dropdown (Ethereum, BNB Chain, Solana, etc.). Wrong chain = wrong result.
- Paste the contract address. The report loads in 2-5 seconds.
- Scan the top section first: 'Token Security Risk' summary shows a count of critical/high/medium/low flags. Any 'critical' flag = stop, do not buy.
- Drill into individual flags if you want to understand the risk. Most users only need the summary.
The GoPlus flags that should make you walk away
Some flags are deal-breakers. If you see any of these, the token is almost certainly a trap:
- is_honeypot: 1 - the contract has logic that prevents selling. You can buy but never sell. 100% loss guaranteed.
- buy_tax > 10% or sell_tax > 10% - the contract takes a huge cut on every trade. Some honeypots use 99% sell tax to make selling appear possible but unprofitable.
- transfer_pausable: 1 - owner can pause transfers at any time, freezing your position when you most need to sell.
- is_mintable: 1 with mintable_to wallet - owner can mint unlimited tokens, diluting your share to zero overnight.
- owner_change_balance: 1 - owner can change any wallet's balance arbitrarily. Effective backdoor.
- hidden_owner: 1 - ownership is obfuscated, often via a 'proxy' contract. Owner can change without on-chain visibility.
- selfdestruct: 1 - contract can be deleted entirely. Funds inside are lost on call.
Flags that are 'concerning' but not always deal-breakers
Some flags are legitimate for specific use cases - for example, owner_can_pause is normal for properly governed stablecoins (USDC has it, by design). Context matters:
- is_anti_whale: max wallet/max transaction limits. Common in fair-launch memecoins; not a scam signal by itself.
- trading_cooldown: short cooldown after buying. Anti-bot mechanism. Annoying but not necessarily malicious.
- is_proxy: contract is upgradeable. Bad for trustless tokens, fine for centralized stablecoins.
- lp_holders_locked / lp_burned: liquidity locked or burned. Locked LP for >6 months is positive. Unlocked LP on a memecoin is a major red flag.
- creator_percent > 5%: creator holds large share. Acceptable for blue-chips, concerning for memecoins.
- owner_change_tax: owner can change tax rates. Often used legitimately (DAOs vote to lower tax) but can be abused.
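The two flag lists above can be applied mechanically to a report. The following is an added example, not GoPlus's own code: it uses the field names as this guide writes them and assumes flags arrive as "0"/"1" strings and taxes and percentages as decimal-fraction strings ("0.99" for 99%); the sample reports are constructed.

```python
# Added example: triage a token-security report using the flag lists above.
# Assumed input shape (not taken from the page): flags are "0"/"1" strings and
# taxes/percentages are decimal-fraction strings such as "0.99" for 99%.

DEAL_BREAKERS = ("is_honeypot", "transfer_pausable", "is_mintable",
                 "owner_change_balance", "hidden_owner", "selfdestruct")
CONCERNING = ("is_anti_whale", "trading_cooldown", "is_proxy", "owner_change_tax")
TAX_LIMIT = 0.10        # guide's threshold: buy or sell tax above 10%
CREATOR_LIMIT = 0.05    # guide's threshold: creator holds more than 5%


def _fraction(report, key):
    """Return the field as a float, or None if absent, blank or unparseable."""
    try:
        return float(report[key])
    except (KeyError, TypeError, ValueError):
        return None


def triage(report):
    """Sort one report into deal-breakers, concerns and unevaluated fields."""
    stop, review, unknown = [], [], []
    for key in DEAL_BREAKERS + CONCERNING:
        value = report.get(key)
        if value not in ("0", "1"):
            unknown.append(key)          # a missing flag is not a pass
        elif value == "1":
            (stop if key in DEAL_BREAKERS else review).append(key)
    for key, limit, bucket in (("buy_tax", TAX_LIMIT, stop),
                               ("sell_tax", TAX_LIMIT, stop),
                               ("creator_percent", CREATOR_LIMIT, review)):
        value = _fraction(report, key)
        if value is None:
            unknown.append(key)
        elif value > limit:
            bucket.append(key)
    verdict = ("walk away" if stop else
               "needs review" if review or unknown else "no contract-level flags")
    return {"verdict": verdict, "stop": stop, "review": review, "unknown": unknown}


# Constructed sample reports (not real tokens).
HONEYPOT = {"is_honeypot": "1", "sell_tax": "0.99", "buy_tax": "0"}
BORDERLINE = {**{k: "0" for k in DEAL_BREAKERS + CONCERNING},
              "is_proxy": "1", "owner_change_tax": "1",
              "buy_tax": "0.03", "sell_tax": "0.03", "creator_percent": "0.08"}

if __name__ == "__main__":
    for name, rep in (("honeypot", HONEYPOT), ("borderline", BORDERLINE)):
        print(name, triage(rep))
```

Fields the scanner did not return land in `unknown` and keep the verdict at "needs review", so an incomplete report is never read as a clean one.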
Three real examples: what reports look like
Blue chip (USDC on Ethereum): 0 critical, 0 high, 0 medium. Some 'attention' flags for centralized control (Circle can blacklist addresses), by design.
Borderline altcoin (random new DeFi token): 0 critical, 1 high (creator holds 8%), 2 medium (proxy contract, owner can update tax). Not necessarily a scam but you'd want LP-lock proof and team doxxing before sizing into.
Confirmed honeypot (random Solana memecoin from a Telegram pump group): is_honeypot=1, sell_tax=99%. Walk away. Even if you see 'verified trades' showing wins on DEX charts, those are wash trades: real users can't exit.
GoPlus vs Honeypot.is vs Token Sniffer: when to use which
All three are free token scanners but emphasize different checks. GoPlus has the broadest chain support and the most detailed report. Honeypot.is specializes in honeypot detection via simulated transactions - it actually tries to buy and sell on a fork to confirm. Token Sniffer gives a 1-100 risk score with simpler explanations, good for beginners.
Recommended workflow for any new token: GoPlus first (broad scan), then Honeypot.is if any concerning flag (confirm via simulated trade), then Token Sniffer if you need a quick risk-score sanity check. If any of the three flag a red, walk away, no exceptions.
How to read GoPlus's risk score (and why scores can lie)
GoPlus assigns each token a security score 0-100. Higher = safer. But the score is a heuristic: it can miss social-engineering scams that don't show up in contract code. A 95-score memecoin with a fake-doxxed team can still rug. The score tells you the contract is technically clean; it doesn't tell you the team is honest.
Treat the score as one signal among many. Combine with: (1) LP locked >6 months on Unicrypt/Team Finance; (2) team identity verifiable via past projects or Twitter; (3) trading volume on at least 2 DEXs (one-DEX-only tokens are higher rug risk); (4) holder distribution from Bubble Maps.
Common scams GoPlus won't catch
GoPlus is a contract scanner. It can't catch off-chain scams:
- Team rugpull. A clean contract + honest-looking team can still drain the LP and disappear. Mitigation: LP lock proof.
- Wash trading. Fake volume to look popular. Mitigation: check holder distribution on Bubble Maps for many small wallets (real users) vs few large wallets (one wash-trader).
- Twitter / Telegram impersonation. Scammer posts the contract address of a fake token mimicking a real upcoming launch. Mitigation: only trust contract addresses from official project sources.
- Phishing via wallet approval. Not a token issue - happens after you click 'Approve' on a malicious DApp. Mitigation: read every signature carefully, use Rabby for transaction simulation.
Frequently asked questions
Is GoPlus free to use?
Yes, the web interface and basic API are free. Premium API tiers exist for high-volume integrations (DEX backends, wallet apps). Individual users almost never hit free limits.
Does GoPlus support Solana memecoins?
Yes, Solana support added in 2024. GoPlus is one of the few cross-chain scanners that covers Solana - many Solana-only memecoin checks rely on RugCheck.xyz instead. Use both for important plays.
How does GoPlus detect honeypots?
Static analysis of the contract bytecode for known honeypot patterns. They also run simulated buy and sell transactions against a forked chain to confirm trades execute as expected - a token that fails the simulated sell is flagged.
Can a clean GoPlus result mean the token is safe?
It means the contract is technically clean: no malicious code. The team could still rug-pull off-chain (drain liquidity, dump on community). Always pair contract checks with team / liquidity / holder checks.
What chains does GoPlus support in 2026?
100+ chains including Ethereum, BNB Chain, Polygon, Arbitrum, Optimism, Base, Avalanche, Fantom, Solana, Tron, and most major L2s. Coverage updates monthly.
Should I use GoPlus for tokens listed on Coinbase / Binance?
Probably overkill - major CEX listings have already passed extensive due diligence. GoPlus is more valuable for tokens you find via DexScreener or Twitter where listing standards are zero.
Can GoPlus check NFTs?
Yes, the NFT Security API covers approval phishing, hidden mint functions, and other NFT-specific risks. Slightly less mature than the token API but improving.
What's the difference between GoPlus and a contract audit?
GoPlus is automated static analysis: fast, free, catches known patterns. A formal audit (Certik, Trail of Bits, OpenZeppelin) is manual line-by-line review: slow, expensive, finds custom bugs. For a 60-second check, GoPlus is the right tool.