GoPlus Issues Urgent Warning on x402 Tokens as Exploits Hit Hundreds of Users

The x402 ecosystem has become one of the hottest new trends in crypto, but security experts are sounding the alarm. GoPlus Security, a leading blockchain risk-analysis platform, has released a detailed report showing that many early x402-based tokens carry severe security issues that could easily lead to user losses.

Now, traders are left wondering: is x402 the next breakthrough or the next big mistake?

What Exactly Is x402?

x402 is an open payment protocol inspired by the old Internet status code HTTP 402, Payment Required. The idea behind x402 is simple, i.e, allow apps, platforms, and wallets to send and receive small payments directly, without depending on traditional payment systems.

The protocol has gained huge attention because it is backed by major companies like Coinbase and Google, and its ecosystem has quickly expanded with new apps and hundreds of meme-style tokens.

This fast expansion, however, has created a new problem, security gaps everywhere.

Why Early x402 Projects Carry Major Risks

According to GoPlus, many early x402 tokens show the same worrying patterns seen in past exploit cases. AI security scans reveal issues like unlimited minting, excessive developer permissions, honeypot behaviors, and even signature-replay flaws, meaning attackers could reuse old approvals to drain wallets.

However, these problems are not theoretical, it’s the real incidents that have already happened. A cross-layer x402 protocol was exploited on October 28, draining USDC from over 200 wallets in one swift attack. 

Another project, Hello402, suffered from unlimited minting and liquidity failures, causing its token price to crash.

List of Token AI Flags High-Risk

GoPlus used its AI auditing engine to review 30+ x402 tokens across Binance Wallet, OKX Wallet, and community lists. And the following tokens were flagged as high-risk, each due to different critical vulnerabilities:

These include,

• FLOCK – Owner can extract any ERC20 tokens from contract.
• x420 – Tokens can be minted without any limits.
• U402 – Bond role can mint tokens freely.
• MRDN – Owner can withdraw any tokens from the contract.
• PENG – Special accounts can bypass allowance checks; the owner can drain ETH.
• x402Token – Allows bypassing token allowance approval.
• x402b – Owner can extract ETH; allowance bypass exists.
• x402MO – Same ETH-drain and allowance bypass issues.
• H402 (Old) – Functions allow unlimited minting and developer-controlled token creation.

For retail users and even experienced traders, these risks may not be visible until it’s too late.

As the ecosystem matures, proper security checks will be essential to protect early adopters and ensure long-term trust in x402-based projects.