GoPlus: 402bridge suspected of being hacked, over 200 users have lost USDC due to excessive authorization

ChainCatcher message, GoPlus Chinese community issued a security alert, the x402 cross-chain protocol @402bridge is suspected to be stolen. The Creator of the contract starting with 0xed1A transferred the Owner to the address 0x2b8F, and then the new Owner called the transferUserToken method in the contract to transfer all remaining USDC from authorized user wallets.

Before minting, USDC must be authorized to the @402bridge contract, which caused more than two hundred users to have their remaining USDC transferred away due to excessive authorization. The address 0x2b8F transferred a total of 17,693 USDC from users, and then exchanged the USDC for ETH, which was subsequently transferred to Arbitrum through multiple cross-chain transactions. It is recommended that users who have participated in this project cancel the relevant authorizations as soon as possible; remind users to check whether the authorized address is the official address of the interactive project before authorizing, only authorize the necessary amount, and avoid unlimited authorization; and regularly check authorizations to cancel unnecessary ones.