
Friday, May 22, 2026

Gimbutis Silver (GXAG) and Gold (GXAU): both contracts return the same 7 on-chain risk flags



<strong>Repost</strong> (<i>from Reddit.com</i>)<br>
<blockquote>
<p>We pulled both Gimbutis Coin ERC-20 tokens through our analyzer this week and the results are worth flagging.</p>
<p>Tokens analyzed:</p>
<ul>
<li>GXAG (silver): 0xea4bc384184a5ccb02a079ea76931c57732c5de4</li>
<li>GXAU (gold): 0xf92a337927fc48d7c3300ca4b7e6a7d2b6103e43</li>
</ul>
<p>Both addresses are referenced inside the official <a href="http://gimbutiscoin.com">gimbutiscoin.com</a> Next.js bundle (chunk 522), so this is the real project's deployment - not a brand-jack.</p>
<p>Risk profile (identical for both):</p>
<ul>
<li>score: 70/100</li>
<li>contract type: TransparentUpgradeableProxy</li>
<li>flags: no_dex_pair, upgradeable_proxy, hidden_owner, suspicious_assembly, unrestricted_mint, mass_deployer, mass_funder</li>
</ul>
<p>The fact that both tokens share the same 7 flags is the most important finding. This is a systematic design choice by the team, not a misconfigured single contract.</p>
<p>What that combination actually means for a token that claims to be backed by physical silver or gold:</p>
<ul>
<li>unrestricted_mint: no on-chain cap. The team can issue more tokens at any time, without an attestation oracle proving they hold more physical metal in custody.</li>
<li>upgradeable_proxy: the implementation contract can be swapped by the owner. What you audit today is not necessarily what runs tomorrow.</li>
<li>hidden_owner: the admin role is not the publicly stated team address. Could be a multisig, could be a personal wallet - no way to verify from on-chain data.</li>
<li>no_dex_pair: no Uniswap V2/V3 liquidity. Trading is only possible inside the project's own app. Permissioned market, not free price discovery.</li>
</ul>
<p>Compare with the actual standard for metal-backed tokens:</p>
<ul>
<li>PAXG (Paxos Gold), XAUT (Tether Gold), AABBG, DGX - all non-upgradeable, all with public proof-of-reserves attestations, all with regulated custodian roles.</li>
</ul>
<p>Gimbutis Coin is a real operational project (3.5y domain, iOS + Android apps, active stream, full social presence). The team may have legitimate business reasons for these design choices (mobile-first UX, KYC-gated minting, dispute reversibility). But the contracts do not enforce the "backed 1:1 by physical metal" promise the way comparable products do.</p>
<p>If you are considering acquiring GXAG or GXAU, the questions worth asking the team:</p>
<ul>
<li>Where is the proof-of-reserves attestation? Who audits the physical custody?</li>
<li>Why upgradeable? Under what process can the implementation change?</li>
<li>Who holds owner / admin? Multisig? Custodian?</li>
<li>What restricts mint()? On-chain cap tied to attested reserves?</li>
</ul>
<p>Full breakdown with comparison to PAXG/XAUT: <a href="https://rektradar.io/r/gxag-rd">https://rektradar.io/r/gxag-rd</a></p>
<p>Not financial advice, just on-chain facts.</p>
</blockquote>
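An added example, not part of the reposted analysis or of any analyzer's code: how a reader can check the upgradeable_proxy and owner/admin questions for an EIP-1967 proxy (the storage layout OpenZeppelin's TransparentUpgradeableProxy uses) from two storage reads and one code read. The helper names, the sample node answers and the addresses in them are constructed for illustration and are not chain data for GXAG or GXAU.

```python
# EIP-1967 storage slots, fixed by the standard: keccak256("eip1967.proxy.<name>") - 1
IMPLEMENTATION_SLOT = "0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc"
ADMIN_SLOT = "0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a2bc75986d4ea3"

def storage_request(proxy, slot, req_id=1):
    """JSON-RPC body asking a node for one storage word of `proxy` at the latest block."""
    return {"jsonrpc": "2.0", "id": req_id, "method": "eth_getStorageAt",
            "params": [proxy, slot, "latest"]}

def word_to_address(word):
    """Decode a 32-byte storage word into a lowercase address; None if the slot is empty."""
    raw = bytes.fromhex(word[2:].rjust(64, "0"))
    if len(raw) != 32 or any(raw[:12]):
        raise ValueError("storage word does not hold a left-padded address")
    return "0x" + raw[12:].hex() if any(raw[12:]) else None

def assess_proxy(impl_word, admin_word, admin_code, stated_owner):
    """Turn raw node answers into findings (hypothetical helper for this example)."""
    impl, admin = word_to_address(impl_word), word_to_address(admin_word)
    findings = {"implementation": impl, "admin": admin, "notes": []}
    if impl is None:
        findings["notes"].append("no EIP-1967 implementation slot: not this proxy pattern")
        return findings
    if admin is None:
        findings["notes"].append("admin slot empty: upgrade authority is not stored here")
        return findings
    findings["notes"].append("upgradeable: admin can replace the implementation")
    # eth_getCode returns "0x" for an externally owned account (a single key).
    kind = "EOA" if admin_code in ("0x", "0x0") else "contract"
    findings["admin_kind"] = kind
    if kind == "contract":
        findings["notes"].append("admin is a contract: query its owner() or signers next")
    if admin != stated_owner.lower():
        findings["notes"].append("admin differs from the publicly stated address")
    return findings

# Constructed sample answers (placeholders, not real chain data).
SAMPLE_IMPL = "0x" + "00" * 12 + "aa" * 20
SAMPLE_ADMIN = "0x" + "00" * 12 + "bb" * 20
SAMPLE_ADMIN_CODE = "0x6080604052"   # non-empty bytecode, so the admin is a contract
SAMPLE_STATED_OWNER = "0x" + "CC" * 20

if __name__ == "__main__":
    print(storage_request("0x" + "11" * 20, ADMIN_SLOT))
    print(assess_proxy(SAMPLE_IMPL, SAMPLE_ADMIN, SAMPLE_ADMIN_CODE, SAMPLE_STATED_OWNER))
```

Recording the implementation address alongside an audit and re-reading the slot later shows whether the audited code is still the code that runs.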


