TechFlow, October 28 — According to a disclosure from the GoPlus Chinese community, the x402 cross-chain protocol "402bridge" is suspected to have suffered a security incident.
The creator of contract 0xed1AFc4DCfb39b9ab9d67f3f7f7d02803cEA9FC5 transferred ownership to address 0x2b8F95560b5f1d1a439dd4d150b28FAE2B6B361F. The new owner then called the transferUserToken method in the contract, draining remaining USDC from all authorized user wallets.
Users were required to approve USDC tokens to the x402bridge contract prior to minting. Due to excessive approvals, over two hundred users had their remaining USDC drained. The attacker transferred a total of 17,693 USDC, swapped it for ETH, and moved the funds across multiple chains to the Arbitrum network.
Users who participated in this project are advised to revoke related token approvals immediately. Users should only approve necessary amounts, avoid infinite approvals, and regularly review and revoke unused permissions.
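The approval review advised above can be scripted. The following is an added example, not code from GoPlus or the project: it replays ERC-20 `Approval` event logs to find the owners who still have a live allowance to a given spender and how much of their balance that allowance exposes. The logs, wallet addresses and balances are constructed, and treating the contract address quoted in the report as the approved spender is an assumption.

```python
# keccak256("Approval(address,address,uint256)"), the standard ERC-20 event topic
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1
USDC_DECIMALS = 6
# Contract address quoted in the report; assumed here to be the approved spender.
SPENDER = "0xed1AFc4DCfb39b9ab9d67f3f7f7d02803cEA9FC5"

def pad(addr):    # 20-byte address -> 32-byte indexed topic
    return "0x" + addr[2:].lower().rjust(64, "0")

def unpad(topic):  # 32-byte indexed topic -> lowercase address
    return "0x" + topic[-40:].lower()

def latest_allowances(logs, spender):
    """Replay Approval logs in chain order; the last approval per owner wins.
    This is an upper bound: transferFrom spends allowance without necessarily
    emitting Approval, so confirm with allowance() before acting on it."""
    allowances = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        t = log["topics"]
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC:
            continue
        if unpad(t[2]) == spender.lower():
            allowances[unpad(t[1])] = int(log["data"], 16)
    return allowances

def exposure_report(logs, balances, spender):
    rows = []
    for owner, allowance in latest_allowances(logs, spender).items():
        if allowance == 0:  # approval already revoked
            continue
        at_risk = min(balances.get(owner, 0), allowance) / 10**USDC_DECIMALS
        rows.append({"owner": owner, "unlimited": allowance == MAX_UINT256,
                     "at_risk_usdc": at_risk})
    return sorted(rows, key=lambda r: r["at_risk_usdc"], reverse=True)

def mk(owner, spender, value, block):  # helper that builds a constructed log
    return {"topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": hex(value), "blockNumber": block, "logIndex": 0}

# Constructed sample data (not from the incident).
ALICE, BOB, CAROL, OTHER = ("0x" + c * 20 for c in ("a1", "b2", "c3", "d4"))
SAMPLE_LOGS = [
    mk(CAROL, SPENDER, 0, 110),            # Carol revokes later...
    mk(CAROL, SPENDER, MAX_UINT256, 102),  # ...after an unlimited approval
    mk(ALICE, SPENDER, MAX_UINT256, 100),  # unlimited, never revoked
    mk(BOB, SPENDER, 10_000_000, 101),     # exact amount: 10 USDC
    mk(BOB, OTHER, MAX_UINT256, 111),      # different spender, ignored
]
SAMPLE_BALANCES = {ALICE: 250_000_000, BOB: 500_000_000, CAROL: 75_000_000}

if __name__ == "__main__":
    for row in exposure_report(SAMPLE_LOGS, SAMPLE_BALANCES, SPENDER):
        print(row)
```

With the sample data, the unlimited approval exposes the owner's entire 250 USDC balance, while the exact-amount approval caps the loss at 10 USDC even though that wallet holds 500.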




