GoPlus: x402 cross-chain protocol @402bridge suspected of being hacked, reminding users not to over-authorize

ChainCatcher message, GoPlus Chinese community issued a security alert, the x402 cross-chain protocol @402bridge is suspected to be stolen. The Creator of the contract starting with 0xed1A transferred the Owner to the address 0x2b8F, and then the new Owner called the transferUserToken method in the contract to transfer all remaining USDC from authorized user wallets.

Before minting, USDC must be authorized to the @402bridge contract, which led to over two hundred users losing their remaining USDC due to excessive authorization. The address 0x2b8F transferred a total of 17,693 USDC from users, and then exchanged the USDC for ETH, which was subsequently transferred across multiple chains to Arbitrum. It is recommended that users who have participated in this project revoke related authorizations as soon as possible; remind users to check whether the authorized address is the official address of the interactive project before authorizing, only authorize the necessary amount, and avoid unlimited authorization; and regularly check authorizations to revoke unnecessary ones.