A security alert has been issued by the GoPlus Chinese community regarding a potential theft from the x402 cross-chain protocol, nicknamed @402bridge. The contract’s creator, identified as 0xed1A, transferred ownership to the address 0x2b8F. This new owner then utilized the transferUserToken method within the contract to transfer the remaining USDC from all authorized user wallets. Before minting, users were required to authorize USDC to the @402bridge contract, leading to over 200 users losing their remaining USDC due to excessive authorization. A total of 17,693 USDC was transferred to the 0x2b8F address and subsequently converted into ETH before being moved through multiple cross-chain transactions to Arbitrum. Users who participated in this project are advised to revoke any related authorizations immediately. It is recommended that users verify the authorization address to ensure it corresponds with the official project address before granting permissions, authorize only the necessary amount, and avoid providing unlimited authorizations. Regular checks on authorizations and the cancellation of unnecessary ones are also strongly advised.