Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
402Bridge posted on X to alert users that a token theft incident had occurred. The technical team is investigating the entire process and advised all users to immediately revoke existing authorizations and transfer their assets out of their wallets. According to available information, the x402 cross-chain protocol 402Bridge was likely compromised after the contract ownership was transferred by the original creator to address 0x2b8F.... More than 200 users lost their remaining USDC due to excessive token approval amounts, with the attacker’s address (starting with 0x2b8F9) stealing a total of 17,693 USDC. The stolen funds were then swapped for ETH and bridged to Arbitrum through multiple cross-chain transactions. 402Bridge later confirmed that, due to a private key leak, several of the team’s test wallets and the main wallet were also compromised. Attack method (per SlowMist): Private Key Leakage. Reported loss: $ 17,693.
- chain
- arbitrum
- protocol
- 402Bridge
- bug_class
- private-key
- date_occurred
- 2025-10-28
- loss_usd
- $17,693
- source_id
- sm:402bridge::2025-10-28