Five Attacks on x402 Agentic Payment Protocol
Zelin Li, Qin Wang, Zhipeng Wang
TLDR
This paper identifies five practical attacks on the x402 agentic payment protocol, revealing critical vulnerabilities in its design and implementation.
Key contributions
- Presents five concrete, practical attacks targeting the x402 agentic payment protocol.
- Exposes weaknesses in authorization, binding, replay protection, and web-layer handling.
- Attacks validated on local chains, Base Sepolia, live endpoints, and three open-source SDKs.
- Demonstrates that the attacks can cause either unpaid service or paid-but-denied outcomes, and proposes mitigations.
Why it matters
The x402 protocol aims to enable web-native micropayments, combining HTTP authorization with blockchain settlement. This paper exposes critical security flaws in its design and implementation, which could lead to financial losses for users or service providers. Understanding these vulnerabilities is crucial for securing future agentic payment systems and preventing widespread exploitation.
Original Abstract
The x402 protocol revives the HTTP 402 Payment Required status code to enable web-native micropayments across APIs, content, and agents. It combines synchronous HTTP authorization with asynchronous blockchain settlement and introduces a cross-layer attack surface absent from conventional web and on-chain payments. In this paper, we formally analyze x402 and empirically show that it is vulnerable in both design and implementation. We present five concrete attacks that reveal weaknesses in authorization, binding, replay protection, and web-layer handling, showing that x402 is vulnerable across multiple stages of the payment workflow. We validate these attacks through a reproducible testbed on local chains, Base Sepolia, and live endpoints and further audit three open-source SDKs and endpoints. Our results show that all five attacks are practical and can cause either unpaid service or paid-but-denied outcomes. We also propose practical mitigations.
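The abstract names three server-side properties whose absence the attacks exploit: authorization (is the payment genuinely signed by the payer), binding (is the payment tied to this resource, recipient and amount, not some other request) and replay protection (can the same authorization be presented twice). The following added example is not code from the paper or from any x402 SDK; it is a deliberately simplified model of a resource server's verifier that checks all three before serving. The `Challenge` and `Authorization` shapes, the field names and the use of an HMAC over a shared key in place of an on-chain signature are all assumptions made for the example, not the protocol's actual wire format.

```python
import hmac
import hashlib
import json
from dataclasses import dataclass, asdict

# Constructed stand-in for the payer's signing key. Real x402 payments are
# signed for on-chain settlement; a shared HMAC key is used here only so the
# example runs offline and the verification steps stay readable.
SHARED_KEY = b"demo-key-not-a-real-secret"


@dataclass(frozen=True)
class Challenge:
    """Terms the server announces in its 402 response (hypothetical shape)."""
    resource: str
    amount: int      # smallest token units, e.g. stablecoin base units
    pay_to: str      # recipient address the server expects to be paid


@dataclass(frozen=True)
class Authorization:
    """A client's signed payment authorization for one request (hypothetical shape)."""
    payer: str
    pay_to: str
    resource: str
    amount: int
    nonce: str       # unique per payer; consumed on first successful use
    valid_until: int # unix seconds after which the authorization is dead
    signature: str = ""


def _canonical(auth: Authorization) -> bytes:
    """Deterministic byte encoding of every field except the signature."""
    fields = asdict(auth)
    fields.pop("signature")
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def sign(auth: Authorization) -> Authorization:
    """Client side: attach a signature over the canonical fields."""
    sig = hmac.new(SHARED_KEY, _canonical(auth), hashlib.sha256).hexdigest()
    return Authorization(**{**asdict(auth), "signature": sig})


class Verifier:
    """Server side: authorization, binding and replay checks, in that order."""

    def __init__(self) -> None:
        # In production this set must be shared and persisted across all
        # server instances, otherwise a second instance will accept a replay.
        self.used_nonces: set = set()

    def verify(self, challenge: Challenge, auth: Authorization, now: int) -> tuple:
        # 1. Authorization: the payer really signed exactly these fields.
        expected = hmac.new(SHARED_KEY, _canonical(auth), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, auth.signature):
            return (False, "bad-signature")
        # 2. Binding: the payment is for this resource, this recipient,
        #    and at least the amount the server asked for.
        if auth.resource != challenge.resource or auth.pay_to != challenge.pay_to:
            return (False, "binding-mismatch")
        if auth.amount < challenge.amount:
            return (False, "underpaid")
        if now > auth.valid_until:
            return (False, "expired")
        # 3. Replay: the nonce is namespaced by payer and consumed only after
        #    every other check passed, so a rejected request cannot burn it.
        key = (auth.payer, auth.nonce)
        if key in self.used_nonces:
            return (False, "replay")
        self.used_nonces.add(key)
        return (True, "ok")


def run_demo() -> list:
    """Exercise the verifier against constructed valid, replayed and tampered inputs."""
    v = Verifier()
    ch = Challenge(resource="/api/report", amount=1000, pay_to="0xSERVER")
    good = sign(Authorization(payer="0xPAYER", pay_to="0xSERVER",
                              resource="/api/report", amount=1000,
                              nonce="n1", valid_until=2000))
    other = sign(Authorization(payer="0xPAYER", pay_to="0xSERVER",
                               resource="/api/other", amount=1000,
                               nonce="n2", valid_until=2000))
    tampered = Authorization(**{**asdict(good), "amount": 1})  # signature no longer matches
    results = [
        v.verify(ch, good, now=1000)[1],      # ok
        v.verify(ch, good, now=1000)[1],      # replay: same nonce presented again
        v.verify(ch, other, now=1000)[1],     # binding-mismatch: signed for another resource
        v.verify(ch, tampered, now=1000)[1],  # bad-signature: amount changed after signing
    ]
    return results


if __name__ == "__main__":
    print(run_demo())
```

The order of checks is the point: the nonce is recorded only once signature, binding and expiry have all passed, and the record is keyed by payer so two payers choosing the same nonce string do not collide. What this model leaves out is the asynchronous half of the protocol: whether the server serves before or after on-chain settlement confirms decides whether a failure produces unpaid service or a paid-but-denied outcome, and the verifier above does nothing about that.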