GoPlus flags critical vulnerabilities in many x402-based tokens after exploits drained USDC from 200+ wallets
first published 2025-11-17T12:50:28Z
GoPlus Security's report finds that numerous early tokens built on the x402 open payment protocol contain critical flaws (unlimited minting, owner withdrawal, allowance bypasses, signature replay) and have already been exploited. GoPlus AI audited 30+ tokens and flagged multiple high-risk projects (FLOCK, x420, U402, MRDN, PENG, x402Token, x402b, x402MO, H402). Incidents include an Oct. 28 exploit that drained USDC from over 200 wallets and Hello402's unlimited minting/liquidity failure. The report urges stronger security checks as the x402 ecosystem expands.
AI Analysis
GoPlus audited 30+ x402-based tokens and identified critical vulnerabilities (unlimited minting, owner withdrawal, allowance bypasses, signature replay) that have already caused real losses, including an Oct. 28 exploit that drained USDC from 200+ wallets and Hello402's unlimited minting/liquidity failure. These concrete exploits and token-level minting/withdrawal flaws are likely to trigger sell pressure and pose immediate risk to affected tokens.
Impact: Significant
Sentiment: Very Bearish