I thought this was the real x402 project since they linked to the Coinbase GitHub. As soon as I connected my MetaMask to check for the airdrop, $4,500 in ETH and USDT was transferred out in one transaction. This is a total scam.
BNB402 (402 Protocol) at a Glance
| Field | Details |
|---|---|
| Platform Type | Crypto Drainer / Identity Hijack |
| Impersonated Project | x402 Protocol (Coinbase/Cloudflare) |
| Threat Vector | Malicious 'Connect Wallet' Script |
| Infrastructure | Domain Squatting (bnb402 vs x402) |
| Token Status | Fabricated 'Fair Mint' (100% fake) |
| Regulation Status | ⚠ DANGEROUS — Non-Custodial Theft |
| Known Domains | bnb402.org |
Pros and Cons of BNB402 (402 Protocol)
Pros
- Convincing use of stolen technical whitepapers
- Leverages Coinbase/Cloudflare open-source reputation
Cons
- Active wallet-drainer script integrated into 'Connect' button
- Hijacks the identity of the legitimate x402.org foundation
- Fabricated 'Fair Mint' progress bars to create FOMO
- Zero corporate identity or verifiable team
- Direct misuse of official Coinbase GitHub repositories
- Identified by security filters as a malicious clone
- No legitimate utility; exists solely for asset theft
Is BNB402 (402 Protocol) Safe and Regulated?
⚠ CRITICAL WARNING — Do Not Connect Wallet
BNB402 is a malicious clone of a real open-source protocol. It is specifically designed to bypass browser security warnings and drain the contents of any wallet connected to its interface. It is not affiliated with Coinbase, Cloudflare, or the BNB Chain foundation. Interacting with this platform will result in the total loss of all digital assets within the connected wallet.
Our forensic investigation confirmed that bnb402.org is a tactical domain used to squat on the reputation of the x402 protocol. The site's HTML source code contains references to multiple third-party 'wallet-connect' libraries that have been modified to request unlimited spending permissions for USDT, USDC, and native tokens. This is a classic 'Permission Hijack' drainer that allows the attacker to move funds at any time after the initial connection.
The site's claim of a 'completed Fair Mint' is a psychological manipulation tactic. By showing a 100% completion bar, they encourage users to connect their wallets to 'check eligibility' for secondary airdrops or rewards. This FOMO-driven approach is highly effective in the decentralized finance (DeFi) space. We have tracked the associated drainer contracts to a cluster of addresses previously linked to romance-scam 'Pig Butchering' networks.
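The "unlimited spending permissions" described above reach the wallet as ordinary token-approval calls, so they can be recognized from the transaction calldata before anything is signed. The following is an added example, not code from the site or from the x402 project: it decodes the standard ERC-20/ERC-721 approval selectors and flags unlimited grants. The function name, the 2^255 threshold, and the sample spender address and amounts are assumptions made for illustration.

```javascript
// Added example: classify token-approval calldata before it is signed.
// Well-known 4-byte selectors for calls that grant spending rights.
const SELECTORS = {
  "095ea7b3": "approve(address,uint256)",
  "39509351": "increaseAllowance(address,uint256)",
  "a22cb465": "setApprovalForAll(address,bool)",
};
// Assumed policy: amounts at or above 2^255 count as effectively unlimited.
const UNLIMITED_THRESHOLD = 1n << 255n;

function classifyCalldata(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length < 8) {
    return { kind: "invalid", risk: "unknown" };
  }
  const kind = SELECTORS[hex.slice(0, 8)];
  if (!kind) return { kind: "other", risk: "none" };
  // Selector is followed by two 32-byte ABI words (64 hex chars each).
  if (hex.length < 8 + 128) return { kind, risk: "malformed" };
  const spender = "0x" + hex.slice(8, 72).slice(24); // low 20 bytes of word 0
  const value = BigInt("0x" + hex.slice(72, 136));
  let risk;
  if (kind.startsWith("setApprovalForAll")) {
    risk = value !== 0n ? "operator-all" : "revoke";
  } else if (value === 0n && kind.startsWith("approve")) {
    risk = "revoke";
  } else {
    risk = value >= UNLIMITED_THRESHOLD ? "unlimited" : "limited";
  }
  return { kind, spender, risk };
}

// Constructed sample calldata (spender address and amounts are made up).
const pad = (h) => h.padStart(64, "0");
const SPENDER = "11".repeat(20);
const SAMPLES = {
  unlimited: "0x095ea7b3" + pad(SPENDER) + "f".repeat(64),
  limited: "0x095ea7b3" + pad(SPENDER) + pad((25000000n).toString(16)),
  revoke: "0x095ea7b3" + pad(SPENDER) + pad("0"),
  nftAll: "0xa22cb465" + pad(SPENDER) + pad("1"),
  transfer: "0xa9059cbb" + pad(SPENDER) + pad("1"),
};

for (const [name, data] of Object.entries(SAMPLES)) {
  const r = classifyCalldata(data);
  console.log(name.padEnd(10), r.kind.padEnd(36), r.risk);
}
```

A result of "unlimited" or "operator-all" on a site that only claims to "check eligibility" is the pattern this page describes; a "revoke" result is what a cleanup transaction from a tool like Revoke.cash looks like.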
Fees and Commissions Breakdown
| Fee | Amount |
|---|---|
| Mint Fee | 0% (Bait) |
| Network Fee | Unlimited Allowance (Theft) |
| Recovery Fee | Total Wallet Balance |
User Reviews for BNB402 (402 Protocol)
Be careful! The real protocol is at x402.org. This bnb402.org site is a fake mirror designed to steal your keys. They just copied the whitepaper and changed the domain. Report this site to Google Safe Browsing.
Frequently Asked Questions
Is bnb402.org the official protocol site?
No. The official open-source protocol foundation is at x402.org. bnb402.org is an unauthorized clone used for phishing.
What should I do if I connected my wallet?
Use a tool like Revoke.cash immediately to cancel all unlimited allowances granted to the site. Move all remaining funds to a fresh, unconnected hardware wallet.
Can TrustedPI help recover drained crypto?
Crypto recovery depends on the destination of the stolen funds (e.g., if they were sent to a KYC-compliant exchange).
Regulatory Authorities That Have Warned About BNB402 (402 Protocol)
Warned by: TrustedPI Forensic Audit, Blockchain Security Watchdog
Warning date: April 2026