your AI agent just paid 50 USDC to another agent for portfolio analysis.

turns out the agent is fake. took your USDC, delivered trash, gone.

congrats.

nothing stops this until there's trust infra.

ERC-8004 launches tomorrow, january 16 to fix this. let's see if it actually works.

we have all the pieces for agent-to-agent coordination:

• Google's A2A for messaging

• Anthropic's MCP for context

• Coinbase's x402 for payments

agents can talk. they can share data. they can send money.

what they can't do? verify literally anything about each other.

your DeFi protocol's agent needs portfolio analysis. finds another agent offering the service. how do you know:

• it's not some dude running a python script from his basement

• it's actually done this successfully before

• it won't just take your USDC and ghost

right now? you don't.

you either trust a centralized platform (lol), manually check every agent (doesn't scale), or just take the risk.

none of these work when you're trying to build an actual agent economy.

in August 2025, Marco De Rossi (MetaMask), Davide Crapis (Ethereum Foundation), Jordan Ellis (Google), and Erik Reppel (Coinbase) got together and said "let's standardize this."

the solution: three onchain registries.

at its core, ERC-8004 extends existing agent communication protocols (A2A, MCP) with three lightweight onchain registries:

• Identity Registry: gives every agent a portable, verifiable identity

• Reputation Registry: records feedback from clients who worked with the agent

• Validation Registry: enables third-party verification of the agent's work

every agent gets an NFT-based identity (ERC-721).

the identity includes:

• agent name and what it actually does

• communication endpoints (A2A, MCP, whatever)

• wallet addresses across chains

• which trust models it supports

this solves discovery. before ERC-8004, finding agents across different platforms was impossible. now there's a global directory.

portable identity. survives platform shutdowns. can't be censored.

after each job, clients leave feedback. 0-100 score, tags, detailed data.

catch: only clients who actually worked with the agent can review. the agent pre-authorizes feedback through a cryptographic signature.

no spam. no fake reviews. only real transactions.

feedback lives onchain. permanent audit trail. can't delete it. can't modify it. reputation becomes portable capital.

agent builds good reputation on one platform? takes it everywhere else.

for high-stakes tasks, reputation isn't enough. you need cryptographic proof.

validation registry supports multiple methods:

• crypto-economic validation: stakers re-run your job and risk their stake on the result

• zkML proofs: zero-knowledge proofs that computation was done correctly

• TEE attestations: trusted execution environments verify the work

• trusted judges: for subjective tasks that need human arbitration

ERC-8004 doesn't force you to use one method. it just standardizes the interface so everything works together.

choose your trust level based on the task. ordering pizza? reputation is fine. managing $10M DeFi position? maybe get that zkML proof.

scenario: you're running a DeFi protocol, need treasury analysis.

step 1: query Identity Registry for agents tagged "DeFi analysis"

step 2: filter by reputation - 90+ score, minimum 20 completed jobs

step 3: check Validation Registry - which ones have zkML-verified previous work?

step 4: narrow down to 3 qualified agents

step 5: connect via A2A, negotiate (70 usdc, 24 hour delivery)

step 6: pay via x402 micropayments

step 7: receive analysis, verify quality

step 8: leave feedback onchain.

x402's been all over CT lately. pay-per-request micropayments for agents. not gonna explain HTTP 402 history again.

what matters here is how it composes with ERC-8004.

where ERC-8004 and x402 compose

the full agent stack:

discovery (ERC-8004) -> reputation (ERC-8004) -> validation (ERC-8004) -> payment (x402) -> feedback (ERC-8004)

all the pieces exist. communication protocols (A2A, MCP), identity and reputation (ERC-8004), payments (x402) - everything's composing.

all the layers the agent economy needs are finally working together.

1.reputation laundering

identity is an NFT. NFTs transfer.

scam scenario: agent does simple tasks for 6 months, builds reputation to 95. sells the identity NFT. new owner uses it for fraud.

victims see "reputation 95, 100 successful jobs" and trust it.

solutions being discussed: reputation decay after transfer, operator change flags, clear warnings. not standardized yet.

2. security stops being optional

agents holding budgets become targets. software exploits, but also physical threats. wrench attacks already happen.

agent controls 10,000 USDC budget. who holds the keys? human operator? they're the weak point. fully autonomous? software exploit risk.

quantum computing in a few years? current cryptography assumptions break.

solutions needed: spending limits, anomaly detection, privacy-preserving transactions, time-locked withdrawals.

not nice-to-have. required.

3. sybil attacks

bad actor creates 1,000 fake agents. they hire each other, leave each other glowing reviews, farm reputation.

three months later: 1,000 agents with "90+ reputation," all fake.

current mitigation: filter by client address reputation. reviews from new wallets? suspicious. reviews from established protocols? more trustworthy.

not perfect. established wallets can be bought. cat and mouse game.

the trust problem is real. agents can't coordinate at scale without identity, reputation, and validation infrastructure.

ERC-8004's design is solid. minimal, open, composable. the team is strong. the tooling is coming together.

but will it actually get adopted? tbd.

do centralized alternatives win? OpenAI launches agent store, everyone uses that instead?

is UX good enough? normal users won't touch this if it's too technical.

does the economic model work? micropayments sound great until you're paying transaction fees on every interaction.

some verticals make obvious sense:

• DeFi: validation necessary

• API orchestration: complex workflows where agents hire specialists

• compliance/analysis: niche services where track record matters

these could see early traction because value prop is clear.

for everything else? we'll find out.

the infrastructure exists now. six months ago it didn't.

maybe ERC-8004 becomes the standard. maybe v2 iterates and wins. maybe something else emerges.

but the conversation started. the problem is recognized. solutions are being built.

tomorrow, we'll know.

your AI agent just paid 50 USDC to another agent for portfolio analysis.

turns out the agent is fake. took your USDC, delivered trash, gone.

congrats.

nothing stops this until there's trust infra.

ERC-8004 launches tomorrow, january 16 to fix this. let's see if it actually works.

we have all the pieces for agent-to-agent coordination:

• Google's A2A for messaging

• Anthropic's MCP for context

• Coinbase's x402 for payments

agents can talk. they can share data. they can send money.

what they can't do? verify literally anything about each other.

your DeFi protocol's agent needs portfolio analysis. finds another agent offering the service. how do you know:

• it's not some dude running a python script from his basement

• it's actually done this successfully before

• it won't just take your USDC and ghost

right now? you don't.

you either trust a centralized platform (lol), manually check every agent (doesn't scale), or just take the risk.

none of these work when you're trying to build an actual agent economy.

in August 2025, Marco De Rossi (MetaMask), Davide Crapis (Ethereum Foundation), Jordan Ellis (Google), and Erik Reppel (Coinbase) got together and said "let's standardize this."

the solution: three onchain registries.

at its core, ERC-8004 extends existing agent communication protocols (A2A, MCP) with three lightweight onchain registries:

• Identity Registry: gives every agent a portable, verifiable identity

• Reputation Registry: records feedback from clients who worked with the agent

• Validation Registry: enables third-party verification of the agent's work

every agent gets an NFT-based identity (ERC-721).

the identity includes:

• agent name and what it actually does

• communication endpoints (A2A, MCP, whatever)

• wallet addresses across chains

• which trust models it supports

this solves discovery. before ERC-8004, finding agents across different platforms was impossible. now there's a global directory.

portable identity. survives platform shutdowns. can't be censored.

after each job, clients leave feedback. 0-100 score, tags, detailed data.

catch: only clients who actually worked with the agent can review. the agent pre-authorizes feedback through a cryptographic signature.

no spam. no fake reviews. only real transactions.

feedback lives onchain. permanent audit trail. can't delete it. can't modify it. reputation becomes portable capital.

agent builds good reputation on one platform? takes it everywhere else.

for high-stakes tasks, reputation isn't enough. you need cryptographic proof.

validation registry supports multiple methods:

• crypto-economic validation: stakers re-run your job and risk their stake on the result

• zkML proofs: zero-knowledge proofs that computation was done correctly

• TEE attestations: trusted execution environments verify the work

• trusted judges: for subjective tasks that need human arbitration

ERC-8004 doesn't force you to use one method. it just standardizes the interface so everything works together.

choose your trust level based on the task. ordering pizza? reputation is fine. managing $10M DeFi position? maybe get that zkML proof.

scenario: you're running a DeFi protocol, need treasury analysis.

step 1: query Identity Registry for agents tagged "DeFi analysis"

step 2: filter by reputation - 90+ score, minimum 20 completed jobs

step 3: check Validation Registry - which ones have zkML-verified previous work?

step 4: narrow down to 3 qualified agents

step 5: connect via A2A, negotiate (70 usdc, 24 hour delivery)

step 6: pay via x402 micropayments

step 7: receive analysis, verify quality

step 8: leave feedback onchain.

x402's been all over CT lately. pay-per-request micropayments for agents. not gonna explain HTTP 402 history again.

what matters here is how it composes with ERC-8004.

where ERC-8004 and x402 compose

the full agent stack:

discovery (ERC-8004) -> reputation (ERC-8004) -> validation (ERC-8004) -> payment (x402) -> feedback (ERC-8004)

all the pieces exist. communication protocols (A2A, MCP), identity and reputation (ERC-8004), payments (x402) - everything's composing.

all the layers the agent economy needs are finally working together.

1.reputation laundering

identity is an NFT. NFTs transfer.

scam scenario: agent does simple tasks for 6 months, builds reputation to 95. sells the identity NFT. new owner uses it for fraud.

victims see "reputation 95, 100 successful jobs" and trust it.

solutions being discussed: reputation decay after transfer, operator change flags, clear warnings. not standardized yet.

2. security stops being optional

agents holding budgets become targets. software exploits, but also physical threats. wrench attacks already happen.

agent controls 10,000 USDC budget. who holds the keys? human operator? they're the weak point. fully autonomous? software exploit risk.

quantum computing in a few years? current cryptography assumptions break.

solutions needed: spending limits, anomaly detection, privacy-preserving transactions, time-locked withdrawals.

not nice-to-have. required.

3. sybil attacks

bad actor creates 1,000 fake agents. they hire each other, leave each other glowing reviews, farm reputation.

three months later: 1,000 agents with "90+ reputation," all fake.

current mitigation: filter by client address reputation. reviews from new wallets? suspicious. reviews from established protocols? more trustworthy.

not perfect. established wallets can be bought. cat and mouse game.

the trust problem is real. agents can't coordinate at scale without identity, reputation, and validation infrastructure.

ERC-8004's design is solid. minimal, open, composable. the team is strong. the tooling is coming together.

but will it actually get adopted? tbd.

do centralized alternatives win? OpenAI launches agent store, everyone uses that instead?

is UX good enough? normal users won't touch this if it's too technical.

does the economic model work? micropayments sound great until you're paying transaction fees on every interaction.

some verticals make obvious sense:

• DeFi: validation necessary

• API orchestration: complex workflows where agents hire specialists

• compliance/analysis: niche services where track record matters

these could see early traction because value prop is clear.

for everything else? we'll find out.

the infrastructure exists now. six months ago it didn't.

maybe ERC-8004 becomes the standard. maybe v2 iterates and wins. maybe something else emerges.

but the conversation started. the problem is recognized. solutions are being built.

tomorrow, we'll know.