Saved in:
Bibliographic Details
Main Authors: Li, Zelin, Wang, Qin, Wang, Zhipeng
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2605.11781
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866916004254187520
author Li, Zelin
Wang, Qin
Wang, Zhipeng
author_facet Li, Zelin
Wang, Qin
Wang, Zhipeng
contents The x402 protocol revives the HTTP 402 Payment Required status code to enable web-native micropayments across APIs, content, and agents. It combines synchronous HTTP authorization with asynchronous blockchain settlement and introduces a cross-layer attack surface absent from conventional web and on-chain payments. In this paper, we formally analyze x402 and empirically show that it is vulnerable in both design and implementation. We present five concrete attacks that reveal weaknesses in authorization, binding, replay protection, and web-layer handling, showing that x402 is vulnerable across multiple stages of the payment workflow. We validate these attacks through a reproducible testbed on local chains, Base Sepolia, and live endpoints and further audit three open-source SDKs and endpoints. Our results show that all five attacks are practical and can cause either unpaid service or paid-but-denied outcomes. We also propose practical mitigations.
format Preprint
id arxiv_https___arxiv_org_abs_2605_11781
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Five Attacks on x402 Agentic Payment Protocol
Li, Zelin
Wang, Qin
Wang, Zhipeng
Cryptography and Security
The x402 protocol revives the HTTP 402 Payment Required status code to enable web-native micropayments across APIs, content, and agents. It combines synchronous HTTP authorization with asynchronous blockchain settlement and introduces a cross-layer attack surface absent from conventional web and on-chain payments. In this paper, we formally analyze x402 and empirically show that it is vulnerable in both design and implementation. We present five concrete attacks that reveal weaknesses in authorization, binding, replay protection, and web-layer handling, showing that x402 is vulnerable across multiple stages of the payment workflow. We validate these attacks through a reproducible testbed on local chains, Base Sepolia, and live endpoints and further audit three open-source SDKs and endpoints. Our results show that all five attacks are practical and can cause either unpaid service or paid-but-denied outcomes. We also propose practical mitigations.
title Five Attacks on x402 Agentic Payment Protocol
topic Cryptography and Security
url https://arxiv.org/abs/2605.11781