402bridge, the cross-layer protocol that builds on the AI agent payments system x402, has been hacked, resulting in the theft of $17,000 in USDC from more than 200 victims.
That’s according to crypto analyst PeckShield, which encouraged 402bridge users to revoke their allowances.
Pseudonymous X user “Ye in Web3” claims that after 402bridge’s contract was deployed, the private keys were leaked. They were then used to transfer ownership of the contract and drain users who had previously approved the contract to spend funds.
In just 28 minutes, 227 users were affected.
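Added example (not from the original article or from 402bridge): because the drain relied on token allowances users had already granted, the Python below replays ERC-20 Approval logs to find allowances still open to a flagged spender and builds the `approve(spender, 0)` calldata that revokes one. All addresses and log entries are constructed placeholders, and block numbers are plain integers rather than the hex strings a node returns.

```python
# Added example: audit ERC-20 Approval logs for allowances still granted to a spender.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")

def pad32(addr):
    """ABI-encode an address as a 32-byte word (hex, no 0x prefix)."""
    return addr.lower()[2:].rjust(64, "0")

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, spender):
    """Map (token, owner) -> last non-zero amount approved to `spender`."""
    last = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        t = log["topics"]
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC:
            continue  # ERC-721 Approval shares topic0 but has 4 topics
        if topic_to_address(t[2]) != spender.lower():
            continue
        last[(log["address"].lower(), topic_to_address(t[1]))] = int(log["data"], 16)
    return {k: v for k, v in last.items() if v > 0}

def revoke_calldata(spender):
    """Calldata for approve(spender, 0); the owner sends it to the token contract."""
    return "0x" + APPROVE_SELECTOR + pad32(spender) + "0" * 64

# Constructed sample data: placeholder addresses, integer block numbers.
TOKEN, SPENDER, OTHER = "0x" + "aa" * 20, "0x" + "b0" * 20, "0x" + "c0" * 20
ALICE, BOB = "0x" + "a1" * 20, "0x" + "b2" * 20
MAX_UINT256 = 2**256 - 1

def make_log(owner, spender, value, block, index=0):
    return {"address": TOKEN, "blockNumber": block, "logIndex": index,
            "topics": [APPROVAL_TOPIC, "0x" + pad32(owner), "0x" + pad32(spender)],
            "data": "0x" + format(value, "064x")}

SAMPLE_LOGS = [
    make_log(BOB, SPENDER, 0, 105),              # Bob revoked later (listed out of order)
    make_log(ALICE, SPENDER, MAX_UINT256, 100),  # unlimited approval, never revoked
    make_log(BOB, SPENDER, 5_000_000, 101),
    make_log(ALICE, OTHER, 1_000, 102),          # different spender, ignored
]

if __name__ == "__main__":
    for (token, owner), amount in outstanding_approvals(SAMPLE_LOGS, SPENDER).items():
        print(owner, "still allows", amount, "of", token, "->", revoke_calldata(SPENDER))
```

Approval logs record only the last value set through `approve`; confirm the live figure with the token's `allowance(owner, spender)` before and after revoking.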
402bridge added that the private key leak led to the compromise of more than a dozen of the team’s test and main wallets.
The protocol previously confirmed that private keys are stored on a server, which may have exposed admin privileges.
Due to this private key leak, more than a dozen of the team’s test and main wallets have also been compromised (ex. screenshot below).
We have promptly reported the incident to law enforcement authorities and will keep the community informed with timely updates as the… pic.twitter.com/AZfgd1yWKG
— 402bridge (@402bridge) October 28, 2025
It said, “If a hacker obtains the private key, they can take over those privileges and reassign user funds to carry out an attack.”
However, Ye in Web3 was also suspicious that the whole affair may be a rug pull coordinated by 402bridge.
Specifically, they questioned the validity of 402bridge’s shared screenshot, and asked why the contract would include a function allowing the contract owner to drain user funds.
For its part, 402bridge claims to have reported the incident to law enforcement authorities and is in the process of investigating and sharing details about the attack.
The founder of crypto security firm SlowMist, Yu Xian, also claimed that “internal sabotage cannot be ruled out.” One such red flag he highlighted was the fact that 402bridge had already encountered a theft two days after it was registered.
Xian also noted that this doesn’t imply collective wrongdoing by the whole 402bridge team, as “it’s not a typical rugpull.”
According to Xian, “this is the first publicly known theft case related to 402 protocol services.”
What’s x402?
x402 is a payment protocol developed earlier this year by Coinbase that could allow AI agents, as well as humans, to pay for services without requiring an account or any authentication.
Like the Hypertext Transfer Protocol (HTTP) 404 that appears as an error when content isn’t found, x402 is named after HTTP 402, another error that displays “payment required.”
This HTTP status code wasn’t widely adopted, as it was made to be used in a future where microtransactions or digital cash payments made through browsers are the norm. Coinbase claims to have revived the system.
The use cases of its x402 system include:
- API services paid per request
- Allowing AI agents to autonomously pay for API access
- Paywalls for digital content
- Proxy services that aggregate and resell API capabilities
- Microservices and tooling monetized via microtransactions
The streamlining of payment services within AI also made ground today when Sam Altman’s OpenAI announced that it had integrated PayPal into its AI software ChatGPT.
Users will be allowed to search for any services or goods through the AI program and use their linked PayPal wallet to make a purchase.
