402bridge, the cross-layer protocol built on top of Coinbase's x402 AI-agent payment system, has been hacked, resulting in the theft of $17,000 in USDC from more than 200 victims.
That's according to crypto analyst PeckShield, which urged 402bridge users to revoke their token allowances.
Pseudonymous X user "Ye in Web3" claims that after 402bridge's contract was deployed, its private keys were leaked. The keys were then used to transfer ownership of the contract and drain users who had previously approved the contract to spend their funds.
In just 28 minutes, 227 users were affected.
402bridge added that the private key leak led to the compromise of more than a dozen of the team's test and main wallets.
The protocol previously confirmed that the private keys were stored on a server, which may have exposed admin privileges.
Due to this private key leak, more than a dozen of the team's test and main wallets have also been compromised (ex. screenshot below).
We have promptly reported the incident to law enforcement authorities and will keep the community informed with timely updates as the… pic.twitter.com/AZfgd1yWKG
— 402bridge (@402bridge) October 28, 2025
It said, “If a hacker obtains the private key, they can take over those privileges and reassign user funds to carry out an attack.”
However, Ye in Web3 was also suspicious that the whole affair may be a rug pull coordinated by 402bridge.
Specifically, they questioned the validity of the screenshot 402bridge shared, and asked why the contract would include a feature allowing the contract owner to drain user funds at all.
For its part, 402bridge claims to have reported the incident to law enforcement authorities and says it is in the process of investigating and sharing details about the attack.
The founder of crypto security firm SlowMist, Yu Xian, also said that “internal sabotage cannot be ruled out.” One red flag he highlighted was the fact that 402bridge suffered a theft only two days after it was registered.
Xian also noted that this does not imply collective wrongdoing by the whole 402bridge team, as “it's not a typical rugpull.”
According to Xian, “this is the first publicly known theft case related to 402 protocol services.”
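The mechanism the reports describe is an ordinary ERC-20 allowance problem: users had approved the 402bridge contract to spend their USDC, and whoever held the contract owner's key could then move those funds. The following is an added, constructed Python model of that exposure, not 402bridge's code; the Token, Bridge, sweep and risky_approvals names, the addresses and the balances are this example's own. It replays the scenario twice, once with the allowances still in place and once after the revocation PeckShield recommended, and includes the check a holder would run to see which spenders can still move their funds.

```python
# Constructed example: a minimal in-process model of ERC-20 allowances and an
# owner-privileged contract. All names, addresses and amounts are invented
# for illustration; this is not 402bridge's contract code.
from dataclasses import dataclass, field

UINT256_MAX = 2**256 - 1   # "unlimited" approval sentinel used by many tokens


@dataclass
class Token:
    """ERC-20-like ledger: balances plus (owner, spender) -> allowance."""
    balances: dict = field(default_factory=dict)
    allowances: dict = field(default_factory=dict)

    def balance_of(self, who: str) -> int:
        return self.balances.get(who, 0)

    def allowance(self, owner: str, spender: str) -> int:
        return self.allowances.get((owner, spender), 0)

    def approve(self, owner: str, spender: str, amount: int) -> None:
        # approve(spender, 0) is the revocation PeckShield asked users to perform
        self.allowances[(owner, spender)] = amount

    def transfer_from(self, caller: str, src: str, dst: str, amount: int) -> None:
        allowed = self.allowance(src, caller)
        if amount > allowed or amount > self.balance_of(src):
            raise PermissionError("insufficient allowance or balance")
        if allowed != UINT256_MAX:          # unlimited approvals are never decremented
            self.allowances[(src, caller)] = allowed - amount
        self.balances[src] -= amount
        self.balances[dst] = self.balance_of(dst) + amount


class Bridge:
    """Contract whose owner may spend any allowance granted to the contract address."""

    def __init__(self, address: str, owner: str, token: Token):
        self.address, self.owner, self.token = address, owner, token

    def transfer_ownership(self, caller: str, new_owner: str) -> None:
        if caller != self.owner:
            raise PermissionError("only owner")
        self.owner = new_owner

    def sweep(self, caller: str, user: str, to: str) -> int:
        """Owner-only: pull everything the user has approved. Returns the amount moved."""
        if caller != self.owner:
            raise PermissionError("only owner")
        amount = min(self.token.allowance(user, self.address), self.token.balance_of(user))
        if amount:
            self.token.transfer_from(self.address, user, to, amount)
        return amount


def risky_approvals(token: Token, user: str) -> list:
    """Holder-side check: which spenders are still authorised to move this user's funds."""
    return sorted(
        (spender, "unlimited" if amt == UINT256_MAX else amt)
        for (owner, spender), amt in token.allowances.items()
        if owner == user and amt > 0
    )


def simulate(revoke_before_takeover: bool) -> int:
    """Replay: leaked owner key -> ownership transfer -> sweep of every approver."""
    token = Token(balances={"alice": 1_000, "bob": 250})
    bridge = Bridge("0xBRIDGE", owner="deployer", token=token)   # constructed addresses
    token.approve("alice", bridge.address, UINT256_MAX)          # the usual "infinite" approval
    token.approve("bob", bridge.address, 100)
    if revoke_before_takeover:
        for user in ("alice", "bob"):
            token.approve(user, bridge.address, 0)
    bridge.transfer_ownership("deployer", "attacker")            # possible only with the leaked key
    return sum(bridge.sweep("attacker", u, "attacker") for u in ("alice", "bob"))


if __name__ == "__main__":
    print("moved without revocation:", simulate(False))  # 1100
    print("moved after revocation:  ", simulate(True))   # 0
```

The point of the model is that the drain needs no bug in the token: an owner-only sweep plus a leaked owner key is enough, which is exactly why Ye in Web3 asked why such a function existed. The allowance, not the balance, is what the holder controls, so revocation is the mitigation available to users regardless of who holds the contract's keys.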
What is x402?
x402 is a payment protocol developed earlier this year by Coinbase that allows AI agents, as well as humans, to pay for services without requiring an account or any authentication.
Just as HTTP 404 is the Hypertext Transfer Protocol (HTTP) error returned when content isn't found, x402 is named after HTTP 402, another status code that signals “payment required.”
The 402 status code was never widely adopted, because it was reserved for a future in which microtransactions or digital cash payments made through browsers were the norm. Coinbase claims to have revived it.
The use cases of its x402 system include:
API services paid per request
Allowing AI agents to autonomously pay for API access
Paywalls for digital content
Proxy services that aggregate and resell API capabilities
Microservices and tooling monetized via microtransactions
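To make the HTTP 402 handshake concrete, here is an added in-process sketch of the request-demand-pay-retry exchange that x402 layers on the status code. It is not Coinbase's code: the header names (X-PAYMENT, X-PAYMENT-RESPONSE) and the simplified shape of the requirements object are this example's reading of the public x402 specification and should be checked against it, and the verify_and_settle function stands in for the facilitator that a real deployment would call. The ledger, addresses and prices are constructed. It also shows the two server-side checks a practitioner would want regardless of the exact wire format: the payment must match what was demanded, and a payload must not be accepted twice.

```python
# Constructed example of an HTTP 402 "payment required" exchange in the x402 style.
# Header names and field names are simplified assumptions, not the authoritative spec;
# the ledger and the settlement step are stand-ins for on-chain settlement.
import base64
import json
from decimal import Decimal

# What the server demands for every paid resource (constructed values).
PRICE = {"scheme": "exact", "asset": "USDC", "amount": "0.01", "payTo": "0xSERVER"}
SEEN_NONCES = set()   # replay protection: each payment payload is honoured once


def requirements(path: str) -> dict:
    """The object advertised in the 402 response's `accepts` list."""
    return dict(PRICE, resource=path)


def build_payment_header(demand: dict, payer: str, nonce: str) -> str:
    """Client side: answer the advertised demand with a base64-encoded payment payload."""
    payload = dict(demand, **{"from": payer, "nonce": nonce})
    return base64.b64encode(json.dumps(payload).encode()).decode()


def verify_and_settle(payload: dict, path: str, ledger: dict) -> tuple:
    """Stand-in facilitator: check the payload against the demand, then move funds."""
    need = requirements(path)
    for key in ("scheme", "asset", "amount", "payTo", "resource"):
        if payload.get(key) != need[key]:
            return False, f"mismatch on {key}"
    if payload.get("nonce") in SEEN_NONCES:
        return False, "replayed payment"
    payer, amt = payload.get("from"), Decimal(payload["amount"])
    if ledger.get(payer, Decimal(0)) < amt:
        return False, "insufficient funds"
    SEEN_NONCES.add(payload["nonce"])
    ledger[payer] -= amt
    ledger[need["payTo"]] = ledger.get(need["payTo"], Decimal(0)) + amt
    return True, "settled"


def server(request: dict, ledger: dict) -> dict:
    """Resource server: demand payment with 402, serve once a valid payment is attached."""
    path = request["path"]
    hdr = request.get("headers", {}).get("X-PAYMENT")
    if hdr is None:
        return {"status": 402, "body": {"accepts": [requirements(path)]}}
    try:
        payload = json.loads(base64.b64decode(hdr))
    except (ValueError, UnicodeDecodeError):
        return {"status": 400, "body": {"error": "malformed X-PAYMENT header"}}
    ok, reason = verify_and_settle(payload, path, ledger)
    if not ok:
        return {"status": 402, "body": {"error": reason, "accepts": [requirements(path)]}}
    receipt = base64.b64encode(json.dumps({"success": True, "nonce": payload["nonce"]}).encode()).decode()
    return {"status": 200, "headers": {"X-PAYMENT-RESPONSE": receipt},
            "body": {"data": f"content of {path}"}}


def client(path: str, payer: str, ledger: dict, nonce: str) -> dict:
    """Agent side: request, read the 402 requirements, pay exactly what was asked, retry."""
    first = server({"path": path, "headers": {}}, ledger)
    if first["status"] != 402:
        return first
    hdr = build_payment_header(first["body"]["accepts"][0], payer, nonce)
    return server({"path": path, "headers": {"X-PAYMENT": hdr}}, ledger)


if __name__ == "__main__":
    wallet = {"agent": Decimal("0.05")}          # constructed agent balance
    print(client("/api/quote", "agent", wallet, "nonce-1")["status"])   # 200
    print(wallet)
```

Because the client pays only what the `accepts` entry advertises and the server re-derives that demand from the path rather than trusting the payload, a tampered amount or recipient fails the mismatch check; the nonce set is what stops the same signed payment from being replayed against the same resource.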
Payment integration within AI products also gained ground today when Sam Altman's OpenAI announced that it had integrated PayPal into its ChatGPT software.
Users will be able to search for services or goods through the AI program and use their linked PayPal wallet to make a purchase.
