The x402 cross-chain protocol 402bridge was allegedly exploited after its contract creator transferred ownership to address 0x2b8F, which then invoked the transferUserToken function to drain USDC from authorized wallets, GoPlus said on October 28. Over 200 users lost funds due to excessive token approvals required for minting, with the attacker transferring 17,693 USDC before converting to ETH and bridging to Arbitrum through multiple cross-chain transactions. GoPlus advises users who interacted with the project to revoke approvals for contract address 0xed1AFc4DCfb39b9ab9d67f3f7f7d02803cEA9FC5, verify official addresses before authorization, limit approval amounts, and regularly audit active approvals.