402bridge Suffers Private Key Leak, Over 200 Users Lose USDC in Protocol Breach
Quick Breakdown
- GoPlus detected a suspected exploit on x402bridge, leading to $17,000 in USDC losses.
- The breach originated from a private key leak tied to the project’s backend system.
- 402bridge has paused operations and reported the incident to law enforcement.
GoPlus flags suspicious activity on 402bridge
Web3 security firm GoPlus Security has issued a warning about an apparent exploit affecting x402bridge, a cross-layer payment protocol under the x402 ecosystem. The firm’s Chinese social media account revealed that the incident led to more than 200 users losing their USDC following unauthorized token transfers.
The breach, detected on October 28, occurred shortly after the protocol launched on-chain. According to GoPlus, the exploit stemmed from excessive user authorizations that allowed malicious transfers of stablecoins directly from connected wallets.
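1/ #x402 major pitfall❗️ Excessive (unlimited) approvals can be fatal……
The x402 cross-chain protocol @402bridge appears to have been hacked. The Creator of contract 0xed1AFc4DCfb39b9ab9d67f3f7f7d02803cEA9FC5 transferred the Owner role to 0x2b8F95560b5f1d1a439dd4d150b28FAE2B6B361F, and the new Owner then called the contract's transferUserToken method to move all remaining USDC out of the wallets of users who had granted approvals.… pic.twitter.com/hegqhap3Od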
— GoPlus中文社区 (@GoPlusZH) October 28, 2025
Attack vector: ownership transfer and exploited privileges
Blockchain data shows that the contract creator (address beginning with 0xed1A) transferred ownership to another address (0x2b8F), effectively granting it administrative privileges. These permissions allowed the new owner to modify key contract settings and execute sensitive functions.
Shortly after taking control, the exploiter triggered the “transferUserToken” function — draining all remaining USDC from wallets that had granted approvals to the protocol. In total, approximately $17,693 worth of USDC was stolen before being swapped for ETH and later bridged to Arbitrum through multiple cross-chain transactions.
GoPlus and security experts warn users
GoPlus urged users to immediately revoke any active authorizations related to 402bridge and verify all approved contract addresses. The firm reminded the Web3 community to avoid granting unlimited token allowances and to regularly audit wallet authorizations to prevent similar incidents.
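The authorization audit GoPlus recommends can be scripted. The sketch below is an added example, not code from GoPlus or 402bridge: it replays ERC-20 `Approval` event logs in the JSON-RPC `eth_getLogs` shape to work out which allowances are still live, then flags unlimited ones and any granted to a watchlisted spender. All addresses and log entries are constructed placeholders.

```python
# Added example (not from the article): replay ERC-20 Approval logs to find live allowances.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED_FLOOR = 2**255  # treat max-uint256 and other effectively infinite values alike

def addr_topic(addr):            # 20-byte address -> 32-byte indexed topic
    return "0x" + "00" * 12 + addr[2:]

def topic_addr(topic):           # 32-byte indexed topic -> 20-byte address
    return "0x" + topic[-40:].lower()

def live_allowances(logs):
    """Replay logs in chain order; return {(token, owner, spender): amount} still in force."""
    state = {}
    for log in sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16))):
        t = log["topics"]
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC:
            continue             # ERC-721 Approval shares the signature but has 4 topics
        key = (log["address"].lower(), topic_addr(t[1]), topic_addr(t[2]))
        amount = int(log["data"], 16)
        if amount == 0:
            state.pop(key, None) # approve(spender, 0) revokes
        else:
            state[key] = amount  # a later approval overwrites an earlier one
    return state

def risky_allowances(logs, watchlist=()):
    """Flag allowances that are effectively unlimited or granted to a watchlisted spender."""
    watch = {s.lower() for s in watchlist}
    findings = []
    for (token, owner, spender), amount in sorted(live_allowances(logs).items()):
        reasons = [r for r, hit in (("unlimited", amount >= UNLIMITED_FLOOR),
                                    ("watchlisted-spender", spender in watch)) if hit]
        if reasons:
            findings.append({"token": token, "owner": owner, "spender": spender, "reasons": reasons})
    return findings

# Constructed sample data: placeholder addresses, not the real contracts from the incident.
TOKEN, BRIDGE, OTHER = "0x" + "aa" * 20, "0x" + "b1" * 20, "0x" + "c2" * 20
ALICE, BOB, CAROL = "0x" + "01" * 20, "0x" + "02" * 20, "0x" + "03" * 20

def mk(block, owner, spender, amount):
    return {"address": TOKEN, "blockNumber": hex(block), "logIndex": "0x0",
            "topics": [APPROVAL_TOPIC, addr_topic(owner), addr_topic(spender)],
            "data": "0x" + format(amount, "064x")}

SAMPLE_LOGS = [mk(16, ALICE, BRIDGE, 2**256 - 1), mk(17, BOB, BRIDGE, 5_000_000),
               mk(18, CAROL, BRIDGE, 2**256 - 1), mk(19, ALICE, OTHER, 1_000_000),
               mk(32, CAROL, BRIDGE, 0)]  # Carol revoked before the audit

if __name__ == "__main__":
    for f in risky_allowances(SAMPLE_LOGS, watchlist=[BRIDGE]):
        print(f)
```

Log replay gives only an upper bound for finite allowances, because `transferFrom` can spend them without emitting `Approval`; confirm with the token's `allowance(owner, spender)` call before and after revoking.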
Following the exploit, 402bridge confirmed the breach was caused by a private key leak that compromised several team wallets, including test and main accounts. The protocol has since halted all operations, taken its website offline, and reported the incident to law enforcement authorities.
In an earlier technical post, the team explained that the x402 mechanism relies on a web interface where users approve transactions. These approvals are relayed to a backend server that requires the admin’s private key to execute contract methods — a setup that inadvertently exposed sensitive admin credentials online.
The compromise enabled the attacker to assume full administrative control, redirecting user funds to malicious addresses. In March, GoPlus Security was listed on Binance following a HODLer airdrop distribution.