Skip to main content
Sign in
402bridge1 decision on this page

Audit log

Every state-changing event for 402bridge: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-29 17:14:48Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 422,981,707
    sig
    668xNkrYFh8F…HzjWTdRmexplorer ↗
    hash
    524scmXY5ztV…FzUDymiHsha256 → base58
    verifying row…full verify ↗
    canonical bytes (6714 B) ▸
    {"actor":"system:backfill","investigation_id":"5c8e3d41-3849-4e8a-9e6b-ea72d0befc93","kind":"publish","page_slug":"402bridge","published_at":"2026-05-29T17:14:48.675Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"402bridge","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://superex.medium.com/the-explosion-of-the-x402-protocol-and-the-402bridge-security-incident-an-in-depth-analysis-of-12c909bed5f1","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/402bridge-hack-leads-to-over-200-users-drained-of-usdc/","type":"other","url":""},{"credibility":3,"name":"https://protos.com/402bridge-private-key-leaks-227-wallets-drained-in-minutes/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://protos.com/402bridge-private-key-leaks-227-wallets-drained-in-minutes/","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/402bridge-hack-leads-to-over-200-users-drained-of-usdc/","type":"other","url":""},{"credibility":3,"name":"https://coinstats.app/news/d964dfbe80e937c47aba3ad4414ba4d7cf122e11433fc343e0748f466697e8aa_Over-200-users-lose-USDC-in-x402bridge-hack-as-GoPlus-flags-privatekey-breach/","type":"other","url":""},{"credibility":3,"name":"https://www.kucoin.com/news/flash/402bridge-hack-drains-over-200-users-of-17-693-in-usdc","type":"other","url":""},{"credibility":3,"name":"https://getfailsafe.com/402bridge-exploit-security-alert/","type":"other","url":""},{"credibility":3,"name":"https://x.com/402bridge/status/1983042581190853022","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.panewslab.com/en/articles/17ffaa3c-2beb-4cd3-b95c-33e26af7567c","type":"other","url":""},{"credibility":3,"name":"https://www.bitget.com/news/detail/12560605034172","type":"other","url":""},{"credibility":3,"name":"https://www.bitget.com/news/detail/12560605034218","type":"other","url":""},{"credibility":3,"name":"https://www.bitget.com/news/detail/12560605057036","type":"other","url":""},{"credibility":3,"name":"https://superex.medium.com/the-explosion-of-the-x402-protocol-and-the-402bridge-security-incident-an-in-depth-analysis-of-12c909bed5f1","type":"other","url":""},{"credibility":3,"name":"https://www.cryptotimes.io/2025/11/17/goplus-security-highlights-key-risks-in-x402-crypto-projects/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://protos.com/402bridge-private-key-leaks-227-wallets-drained-in-minutes/","type":"other","url":""},{"credibility":3,"name":"https://www.panewslab.com/en/articles/17ffaa3c-2beb-4cd3-b95c-33e26af7567c","type":"other","url":""},{"credibility":3,"name":"https://www.bitget.com/news/detail/12560605034172","type":"other","url":""},{"credibility":3,"name":"https://getfailsafe.com/402bridge-exploit-security-alert/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.cryptotimes.io/2025/11/17/goplus-security-highlights-key-risks-in-x402-crypto-projects/","type":"other","url":""},{"credibility":3,"name":"https://coinpedia.org/news/goplus-issues-urgent-warning-on-x402-tokens-as-exploits-hit-hundreds-of-users/","type":"other","url":""},{"credibility":3,"name":"https://coinfomania.com/x402%E2%80%90ecosystem%E2%80%90goplus%E2%80%90risk/","type":"other","url":""},{"credibility":3,"name":"https://superex.medium.com/the-explosion-of-the-x402-protocol-and-the-402bridge-security-incident-an-in-depth-analysis-of-12c909bed5f1","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://x.com/402bridge/status/1983042581190853022","type":"other","url":""},{"credibility":3,"name":"https://www.bitget.com/amp/news/detail/12560605034383","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/402bridge-hack-leads-to-over-200-users-drained-of-usdc/","type":"other","url":""},{"credibility":3,"name":"https://forklog.com/en/402bridge-loses-over-17000-usdc/amp/","type":"other","url":""}]}],"sources_used":[],"summary":"402bridge (also written x402bridge) was a short-lived cross-chain bridge protocol built on the x402 HTTP payment standard, operating at 402bridge.fun. On October 28, 2025, approximately 13 hours after deployment, an attacker exploited a leaked admin private key to drain $17,693 in USDC from 227 user wallets in under 30 minutes; the protocol ceased operations immediately afterward and no user compensation has been announced. Security firm SlowMist noted that while the incident appeared consistent with a private key leak, the possibility of insider involvement could not be ruled out.","timeline":[{"date":"2025-10-26","event":"402bridge.fun domain registered, approximately two days before the protocol ceased service.","source":""},{"date":"2025-10-28","event":"402bridge protocol deployed on-chain; users began granting USDC allowances to contract 0xed1AFc4DCfb39b9ab9d67f3f7f7d02803cEA9FC5 in preparation for minting.","source":""},{"date":"2025-10-28","event":"Approximately 13 hours after deployment, admin private key compromised. Contract ownership transferred to attacker address 0x2b8F95560b5f1d1a439dd4d150b28FAE2B6B361F.","source":""},{"date":"2025-10-28","event":"Attacker calls transferUserToken function, draining 17,693 USDC from 227 user wallets within 28 minutes. Stolen USDC converted to ETH and bridged to Arbitrum.","source":""},{"date":"2025-10-28","event":"GoPlus Security Chinese community issues first public alert about abnormal asset transfers from x402bridge.","source":""},{"date":"2025-10-28","event":"PeckShield issues advisory urging users to revoke USDC allowances to the compromised contract.","source":""},{"date":"2025-10-28","event":"402bridge team publishes statement on X confirming private key leak, reporting to law enforcement, and acknowledging team wallets were also compromised.","source":""},{"date":"2025-10-28","event":"SlowMist's Yu Xian (Cosine) states the attack was caused by private key leakage and notes insider involvement cannot be ruled out; characterizes this as the first publicly known theft linked to x402 protocol services.","source":""},{"date":"2025-10-28","event":"402bridge.fun website taken offline. Protocol ceases operations.","source":""},{"date":"2025-11-17","event":"GoPlus Security publishes audit findings covering 30+ x402 ecosystem projects, finding the majority had at least one high-risk vulnerability; references 402bridge as the catalyst for the broader ecosystem security review.","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 72ed4670-9c6f-43ea-8b61-7be6354723e0
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.