402bridge is shocked to hear that the private key has been stolen! More than 200 users’ assets evaporated, Slow Mist: Insiders are not ruled out

The private key of the cross-chain bridge 402bridge was leaked, and more than 200 users lost 17,693 USDC, triggering internal doubts about the crime and damaging trust in the development of the 402 protocol.
(Preliminary summary: The x402 protocol is allowing the Internet to skip advertisements and enter the era of micropayments)
(Background supplement: x402 is popular "New casting tutorials, ecological browsers, real-time transaction tracking...a full set of tools)

Contents of this article

A security incident occurred in the recently hotly discussed 402 protocol! The cross-chain bridge 402bridge reported that the private key was leaked. The attacker took away approximately 17,693 USDC in just a few minutes and transferred the funds to 4.2 ETH and transferred them out to Arbitrum. More than 200 users lost their funds instantly.

Although the official posted on social media that more than a dozen test wallets and main wallets of the private key leak team were also hacked, and they have been reported to law enforcement agencies in a timely manner, the progress of asset recovery has not yet been announced.

The whole incident: flash, theft, offline at the speed of light

According to the SlowMist report, the 402bridge.fun domain was only registered two days before the attack. Hacking was reported as soon as the platform function came online, and it was quickly offline afterwards, leaving behind a digital afterimage that is difficult to trace.

Slow Mist founder Yu Xian posted on 0x2b8F95560b5f1d1a43994d15028F95560b5f1d1a43994d150286 was stolen in batches, and the profit was not much. It was replaced with 4.2 ETH. It is currently cross-chain on Arbitrum and has not been changed...

This is the first public case of theft of services related to the 402 protocol.

Attack method: control transfer and authorization trap

SlowMist traced the data on the chain and found that the attacker obtained contract control through the address 0x2b8F95560b5f1d1a439dd4d150b28FAE2B6B361F, and then used transferUserToken Function removes assets from an over-authorized wallet. In other words, the "unlimited check" that the user inadvertently wrote during the first cross-chain became a cash machine for thieves.

"Please immediately revoke all authorizations related to 402bridge to avoid further losses."

User self-protection and industry prospects: three lines of defense cannot be relaxed

In the short term, whether the victims can get their funds back remains to be explained by the official and law enforcement agencies; but in the long term, the 402 bridge incident is developing rapidly. The protocol is a wake-up call, warning users that while chasing popularity, if the governance and security mechanisms cannot keep up with the speed of the product, no matter how small a vulnerability is, it may turn into a tsunami that destroys confidence.