Five Attacks on x402 Agentic Payment Protocol
For developers and users of the x402 payment protocol, the paper reveals critical design and implementation vulnerabilities that undermine payment integrity.
The paper analyzes the x402 protocol for web-native micropayments and demonstrates five practical attacks causing unpaid service or paid-but-denied outcomes, validated on local chains, Base Sepolia, and live endpoints.
The x402 protocol revives the HTTP 402 Payment Required status code to enable web-native micropayments across APIs, content, and agents. It combines synchronous HTTP authorization with asynchronous blockchain settlement and introduces a cross-layer attack surface absent from conventional web and on-chain payments. In this paper, we formally analyze x402 and empirically show that it is vulnerable in both design and implementation. We present five concrete attacks that reveal weaknesses in authorization, binding, replay protection, and web-layer handling, showing that x402 is vulnerable across multiple stages of the payment workflow. We validate these attacks through a reproducible testbed on local chains, Base Sepolia, and live endpoints and further audit three open-source SDKs and endpoints. Our results show that all five attacks are practical and can cause either unpaid service or paid-but-denied outcomes. We also propose practical mitigations.