---
title: "x402 grew 2.4× in 60 days. Its honeypot zone grew 5×. Here's what we blocked before agents could pay."
slug: x402-honeypot-zone-5x-in-60-days
canonical: https://x402station.io/blog/x402-honeypot-zone-5x-in-60-days
date: 2026-05-05
tags: [x402, agentic-commerce, ai-agents, payments, base, security]
---

Two months ago I wrote up [a probe of every x402 endpoint on agentic.market](https://dev.to/afx/we-probed-20338-x402-endpoints-161-are-agent-honeypots-4c3n) — 20,338 endpoints, 161 listed at ≥ $1,000 USDC per call, aggregate sticker price across the trap zone $4.5M.

The catalog has grown 2.4× since then. The honeypot zone has grown 5×.

> **Correction, 2026-05-31:** The concentration paragraph in this May 5 snapshot used raw catalog path counts. We now separate raw catalog paths from effective endpoint supply after adding `wildcard_402` and `spa_fallback` detection for providers that answer arbitrary non-catalog paths. The historical snapshot stays intact; current concentration math lives at `/reports/provider-concentration.json`.

I now run a payment-safety guard for x402 agents — `x402station-middleware`, a drop-in fetch wrapper that calls `/preflight` before every `PAYMENT-SIGNATURE` your agent signs and refuses on critical signals. This post is the 60-day update: what's grown, what's gotten worse, and what Guard blocked before agents could pay.

## TL;DR

- **49,314 active endpoints** across **658 services** (was 20,338 / 516 on 2026-04-29 — **+142%** endpoints, +28% services).
- **74 endpoints** still listed at **≥ $1,000 USDC**. Aggregate sticker price across them: **$23.2M USDC** (was $4.5M — **+416%**). One provider lists 10 swarm endpoints at **$500,000 USDC each**. An agent that signs `transferWithAuthorization` against one of those drains the entire wallet.
- **Catalog concentration nearly doubled.** Two providers now own **87% of the catalog** (`orbisapi.com` 65.3% + `lowpaymentfee.com` 21.6%). On Apr 29 it was one provider at 52%. "Pick a random x402 endpoint" almost always picks inside the same two billing namespaces now.
- **14 services are 100% erroring** in the last hour but still listed `is_active: true` with current prices. Zombies survive because the catalog updates from provider self-reports + paid-call outcomes — a service nobody pays generates no negative signal.
- The community facilitator at `x402.org/facilitator` still doesn't support Base mainnet. Coinbase CDP rejects payments under `$0.001`, so $0.001 remains the floor for any mainnet pre-flight billing.

## What Guard blocks before payment

`wrapWithPreflight()` is one line of code:

```ts
import { wrapFetchWithPaymentFromConfig } from "@x402/fetch";
import { ExactEvmScheme } from "@x402/evm";
import { privateKeyToAccount } from "viem/accounts";
import { wrapWithPreflight } from "x402station-middleware";

const account = privateKeyToAccount(process.env.AGENT_PRIVATE_KEY as `0x${string}`);
const x402Fetch = wrapFetchWithPaymentFromConfig(fetch, {
  schemes: [{ network: "eip155:8453", client: new ExactEvmScheme(account) }],
});

// One line: preflight runs before every paid x402 request, fail-closed by default.
const safeFetch = wrapWithPreflight(x402Fetch);

const res = await safeFetch("https://api.example.com/x402-endpoint", { method: "POST" /* plus your body and headers */ });
// ↑ throws PreflightBlockedError if the endpoint is decoy / zombie / dead / never_paid_zombie.
```

Against the current catalog, that single wrap call would refuse to sign payment for:

- **74 endpoints** flagged `decoy_price_extreme` (price ≥ $1,000 USDC).
- **30 or more services** flagged `dead` or `zombie` over the last hour or 7-day window.
- **Anything flagged `never_paid_zombie`** (CDP-confirmed zero successful payments + 100% erroring; a class of trap that probe-only monitors miss but our CDP Bazaar enrichment catches).
- Any URL in our blacklist via `catalog_decoys` (one paid call, full known-bad list, refreshed every 10 minutes).

## The pricing distribution today

The fat-tail trap pattern hasn't gone away — it's gotten more severe. Pricing distribution across the active catalog right now:

| price band (USDC) | endpoints | % of catalog |
|---|---:|---:|
| `= 0` | 133 | 0.3% |
| `0 < p ≤ $0.001` | 16,855 | 34.2% |
| `$0.001 < p ≤ $0.01` | 18,456 | 37.4% |
| `$0.01 < p ≤ $0.1` | 12,051 | 24.4% |
| `$0.1 < p ≤ $1` | 549 | 1.1% |
| `$1 < p ≤ $10` | 91 | 0.2% |
| `$10 < p ≤ $100` | 18 | <0.1% |
| `$100 < p ≤ $1,000` | 3 | <0.1% |
| **`> $1,000`** | **74** | **0.15%** |

The relevant frame for an agent: **96% of the catalog is below $0.10/call**. The honeypot zone is statistically rare (0.15%) but absolute-dollar massive ($23.2M sticker total). An agent doing breadth-first sampling, or filtering "all endpoints in category X" without an upper-bound check, will hit the trap zone within hours.

The single most expensive cluster I see: **10 endpoints from one provider's `/swarm/` namespace, each priced at $500,000 USDC.** The endpoint description sounds plausible ("Coordinated multi-agent search"). They return `HTTP 402` consistently — they're functional payment requesters, just at trap-level prices. Sign one and the wallet is empty.

## The concentration problem got worse

In April, one provider (`lowpaymentfee.com`) owned 52% of the catalog. Today, two providers own 87%:

| provider | endpoints | % of catalog |
|---|---:|---:|
| `orbisapi.com` | 32,214 | **65.3%** |
| `lowpaymentfee.com` | 10,659 | **21.6%** |
| `paysponge.com` (Sponge) | 510 | 1.0% |
| `freepik.com` (Freepik) | 345 | 0.7% |
| `x402.aurelianflo.com` | 340 | 0.7% |

Strip the multiplicity providers and there are roughly **600 distinct services**. When an agent prompt says "pick any random x402 inference endpoint", it's overwhelmingly picking inside one of two billing namespaces.

That's not inherently a security risk — orbisapi and lowpaymentfee both run real services. But it is a **systemic risk**: any rate-limit, key revocation, or operational issue at one of those two providers takes down the majority of the catalog at once. Guard surfaces this via `metadata.high_concentration` so an agent can decide whether to single-source.
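Here is how the concentration numbers above and a `high_concentration`-style flag can be computed from a catalog's URLs. This is an added example, not Guard's own code: the 50% threshold, the function names and the constructed catalog are assumptions for illustration, and the `singleSourced` check is the agent-side decision the paragraph describes.

```typescript
// Added example, not Guard's code: provider concentration from catalog URLs,
// plus the agent-side "am I single-sourcing?" check. Threshold and sample
// catalog are constructed for illustration.

type ProviderShare = { host: string; endpoints: number; share: number };

// Group catalog URLs by host and sort providers by endpoint count, descending.
function providerShares(urls: string[]): ProviderShare[] {
  const counts = new Map<string, number>();
  for (const u of urls) {
    const host = new URL(u).host;
    counts.set(host, (counts.get(host) ?? 0) + 1);
  }
  return [...counts.entries()]
    .map(([host, endpoints]) => ({ host, endpoints, share: endpoints / urls.length }))
    .sort((a, b) => b.endpoints - a.endpoints);
}

// Combined share of the N largest providers (computed from counts, not from
// already-rounded per-provider shares, to avoid float drift).
function topShare(shares: ProviderShare[], n: number): number {
  const total = shares.reduce((s, p) => s + p.endpoints, 0);
  const top = shares.slice(0, n).reduce((s, p) => s + p.endpoints, 0);
  return total === 0 ? 0 : top / total;
}

// Assumed rule: flag when the two largest hosts cover more than half the catalog.
function highConcentration(shares: ProviderShare[], threshold = 0.5): boolean {
  return topShare(shares, 2) > threshold;
}

// Agent-side check: does a filtered candidate list resolve to a single billing
// namespace? If so, any outage at that provider takes out every alternative.
function singleSourced(candidateUrls: string[]): boolean {
  const hosts = new Set(candidateUrls.map((u) => new URL(u).host));
  return hosts.size === 1;
}

// Constructed catalog: 13 + 4 + 2 + 1 = 20 endpoints across four hosts.
function constructedCatalog(): string[] {
  const make = (host: string, n: number) =>
    Array.from({ length: n }, (_, i) => `https://${host}/v1/tool-${i}`);
  return [
    ...make("big.example", 13),
    ...make("mid.example", 4),
    ...make("small.example", 2),
    ...make("solo.example", 1),
  ];
}

const shares = providerShares(constructedCatalog());
console.log(shares);                                   // big.example first, share 0.65
console.log("top-2 share:", topShare(shares, 2));      // 0.85
console.log("high_concentration:", highConcentration(shares)); // true
```

In practice the input would be the `url` field of every active entry in `/reports/latest.json`; the agent would run `singleSourced` over the candidates left after its own category and price filters.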

## Why facilitator-based monitors miss this

Tools like `x402gle`, `402index.io`, and `x402list.fun` see only successful payments — i.e. the endpoints agents already pay. They miss:

- Endpoints listed at trap prices that nobody pays (no settlement → no record)
- Zombies (100% erroring) that still list `is_active: true`
- Endpoints with zero successful payments ever (`never_paid_zombie`)

Independent probing closes that visibility gap. Every active endpoint, every 10 minutes, hit with a plain HTTP request carrying no payment. We record status, latency, network errors. Guard's `preflight` builds on that data + Coinbase Bazaar enrichment (CDP-confirmed real payment volume) to score each URL before the agent signs.
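The signals listed under "What Guard blocks before payment" and the gap described in this section can be reproduced with a small local scorer over per-endpoint probe records. The block below is an added example, not x402station-middleware's code: the record shape, which probe window maps to `zombie` versus `dead`, and the sample endpoints are assumptions, constructed to show why a probe-only monitor cannot separate a `never_paid_zombie` from an ordinary zombie without payment-volume enrichment.

```typescript
// Added example, not x402station-middleware's code: a local scorer that emits
// the signal names the post uses. Window-to-signal mapping and the sample
// records are assumptions for illustration.

type ProbeWindow = {
  probes: number; // unpaid HTTP probes attempted in the window
  errors: number; // probes that failed (network error or unexpected status)
};

type EndpointRecord = {
  url: string;
  priceUsdc: number;              // catalog sticker price per call
  isActive: boolean;              // provider self-reported listing flag
  lastHour: ProbeWindow;
  last7d: ProbeWindow;
  cdpSuccessfulPayments?: number; // Bazaar enrichment; undefined = not enriched
};

type Verdict = { block: boolean; signals: string[] };

// The post's trap threshold: sticker price at or above $1,000 USDC.
const DECOY_PRICE_USDC = 1000;

// Constructed stand-in for the catalog_decoys blacklist (hosts only).
const KNOWN_BAD_HOSTS = new Set<string>(["decoy.example"]);

function fullyErroring(w: ProbeWindow): boolean {
  return w.probes > 0 && w.errors === w.probes;
}

function hostOf(url: string): string {
  return new URL(url).host;
}

function classifyEndpoint(e: EndpointRecord, blacklist: Set<string> = KNOWN_BAD_HOSTS): Verdict {
  const signals: string[] = [];
  if (e.priceUsdc >= DECOY_PRICE_USDC) signals.push("decoy_price_extreme");
  // zombie: 100% erroring in the last hour yet still listed is_active (assumed mapping)
  if (e.isActive && fullyErroring(e.lastHour)) signals.push("zombie");
  // dead: 100% erroring across the whole 7-day window (assumed mapping)
  if (fullyErroring(e.last7d)) signals.push("dead");
  // never_paid_zombie: erroring now AND CDP confirms zero successful payments ever.
  // Without cdpSuccessfulPayments this is indistinguishable from a plain zombie.
  if (fullyErroring(e.lastHour) && e.cdpSuccessfulPayments === 0) signals.push("never_paid_zombie");
  if (blacklist.has(hostOf(e.url))) signals.push("catalog_decoy");
  return { block: signals.length > 0, signals };
}

// Constructed sample records (not real catalog data).
const SAMPLE_ENDPOINTS: EndpointRecord[] = [
  { url: "https://cheap.example/v1/embed", priceUsdc: 0.005, isActive: true,
    lastHour: { probes: 6, errors: 0 }, last7d: { probes: 1008, errors: 3 }, cdpSuccessfulPayments: 120 },
  // Answers 402 consistently, so probes succeed; only the price gives it away.
  { url: "https://trap.example/swarm/search", priceUsdc: 500000, isActive: true,
    lastHour: { probes: 6, errors: 0 }, last7d: { probes: 1008, errors: 0 } },
  { url: "https://stale.example/api/v2", priceUsdc: 0.01, isActive: true,
    lastHour: { probes: 6, errors: 6 }, last7d: { probes: 1008, errors: 1008 } },
  { url: "https://ghost.example/infer", priceUsdc: 0.002, isActive: true,
    lastHour: { probes: 6, errors: 6 }, last7d: { probes: 1008, errors: 1008 }, cdpSuccessfulPayments: 0 },
  { url: "https://decoy.example/api", priceUsdc: 0.001, isActive: true,
    lastHour: { probes: 6, errors: 0 }, last7d: { probes: 1008, errors: 0 }, cdpSuccessfulPayments: 40 },
];

// URLs the guard would refuse to sign for, in catalog order.
function blockedUrls(endpoints: EndpointRecord[] = SAMPLE_ENDPOINTS): string[] {
  return endpoints.filter((e) => classifyEndpoint(e).block).map((e) => e.url);
}

for (const e of SAMPLE_ENDPOINTS) {
  console.log(e.url, classifyEndpoint(e));
}
```

Note what a settlement-only view would see in this sample: only `cheap.example` and `decoy.example` ever settle, so the trap, the zombie and the never-paid zombie produce no record at all, which is exactly the blind spot the section describes.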

## Install Guard before your agent gets a wallet

If your agent pays x402 endpoints and you haven't wired up a safety check, [`x402station-middleware`](https://www.npmjs.com/package/x402station-middleware) is one line of code:

```bash
npm install x402station-middleware
```

```ts
import { wrapWithPreflight } from "x402station-middleware";
const safeFetch = wrapWithPreflight(x402Fetch);
```

Default fail-closed. Preflight is $0.001 per call (the CDP floor). Bulk pre-flight credits cut that to $0.0005/call ($0.50 for 1000 prepaid). If preflight is unreachable (network blip, 503, timeout), the call throws `PreflightUnavailableError` rather than silently passing — override with `failOpen: true` only if availability matters more than safety.
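The fail-closed behaviour described above (refuse on critical signals, throw `PreflightUnavailableError` when preflight cannot be reached, `failOpen: true` as an explicit opt-out) maps onto a small wrapper. The following is an added example and not the `x402station-middleware` package itself: the verdict shape, the `maxPriceUsdc` agent-side cap, the stub preflight client and the fake paid fetch are all assumptions, and the decision policy is kept in a pure `decide()` function so it can be exercised without any network.

```typescript
// Added example, not x402station-middleware's code: a minimal fail-closed
// preflight wrapper in the shape the post describes. Verdict shape, option
// names, stub preflight and fake paid fetch are assumptions.

type PreflightVerdict = {
  critical: string[]; // blocking signals returned by preflight (assumed shape)
  priceUsdc?: number; // catalog price reported alongside, if known
};

type GuardOptions = {
  failOpen?: boolean;    // default false: unreachable preflight refuses the call
  maxPriceUsdc?: number; // agent-side upper bound, independent of decoy flags
};

class PreflightBlockedError extends Error {
  constructor(readonly url: string, readonly signals: string[]) {
    super(`preflight blocked ${url}: ${signals.join(", ")}`);
    this.name = "PreflightBlockedError";
  }
}

class PreflightUnavailableError extends Error {
  constructor(readonly url: string) {
    super(`preflight unreachable for ${url}; refusing to sign (fail-closed)`);
    this.name = "PreflightUnavailableError";
  }
}

type Decision =
  | { action: "allow" }
  | { action: "block"; signals: string[] }
  | { action: "unavailable" };

// Pure decision step: null means preflight could not be reached.
function decide(verdict: PreflightVerdict | null, opts: GuardOptions = {}): Decision {
  if (verdict === null) {
    return opts.failOpen ? { action: "allow" } : { action: "unavailable" };
  }
  const signals = [...verdict.critical];
  if (opts.maxPriceUsdc !== undefined && verdict.priceUsdc !== undefined && verdict.priceUsdc > opts.maxPriceUsdc) {
    signals.push("over_agent_price_cap");
  }
  return signals.length > 0 ? { action: "block", signals } : { action: "allow" };
}

type Preflight = (url: string) => Promise<PreflightVerdict>;

// Wraps any fetch-shaped function (in practice the @x402/fetch wrapper) so the
// paid request is never issued when preflight blocks or cannot be reached.
function wrapWithLocalPreflight<I, R>(
  inner: (url: string, init?: I) => Promise<R>,
  preflight: Preflight,
  opts: GuardOptions = {},
): (url: string, init?: I) => Promise<R> {
  return async (url, init) => {
    let verdict: PreflightVerdict | null = null;
    try {
      verdict = await preflight(url);
    } catch {
      verdict = null; // network blip, 503, timeout: treated as "unavailable"
    }
    const d = decide(verdict, opts);
    if (d.action === "block") throw new PreflightBlockedError(url, d.signals);
    if (d.action === "unavailable") throw new PreflightUnavailableError(url);
    return inner(url, init);
  };
}

// Constructed preflight responses; any other URL simulates a 503.
const CONSTRUCTED_VERDICTS: Record<string, PreflightVerdict> = {
  "https://cheap.example/v1/embed": { critical: [], priceUsdc: 0.002 },
  "https://trap.example/swarm/search": { critical: ["decoy_price_extreme"], priceUsdc: 500000 },
  "https://pricey.example/render": { critical: [], priceUsdc: 25 },
};
const stubPreflight: Preflight = async (url) => {
  const v = CONSTRUCTED_VERDICTS[url];
  if (v === undefined) throw new Error("503 Service Unavailable");
  return v;
};

// Stand-in for the paid fetch; records which URLs a payment would be signed for.
const signedFor: string[] = [];
const fakePaidFetch = async (url: string, init?: { method?: string }) => {
  signedFor.push(url);
  return { status: 200, url, method: init?.method ?? "GET" };
};

const safeFetch = wrapWithLocalPreflight(fakePaidFetch, stubPreflight, { maxPriceUsdc: 1 });

async function demo(): Promise<string[]> {
  const outcomes: string[] = [];
  for (const url of [...Object.keys(CONSTRUCTED_VERDICTS), "https://unknown.example/x"]) {
    try {
      await safeFetch(url, { method: "POST" });
      outcomes.push(`${url}: paid`);
    } catch (err) {
      outcomes.push(`${url}: ${(err as Error).name}`);
    }
  }
  return outcomes;
}

void demo().then((o) => console.log(o.join("\n")));
```

Only the cheap endpoint reaches `fakePaidFetch`; the swarm trap is refused on the preflight signal, the $25 endpoint on the agent's own cap, and the unknown URL because preflight answered 503 and `failOpen` was left at its default.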

MCP version: `npx -y x402station-mcp` (10 tools, drops into Claude Code / Cursor / Windsurf / Continue).

Service operators: there's a reciprocal flow at [`/verified`](https://x402station.io/verified) — $1 USDC for a 30-day signed audit certificate that proves your endpoints aren't on the blacklist. Agents using Guard prefer verified endpoints when routing alternatives.

## What's next

This is issue #1 of x402station Weekly — a recurring snapshot of what's moving in the x402 ecosystem. The data behind this post refreshes hourly at [`/reports/latest.json`](https://x402station.io/reports/latest.json).

**Next snapshot: 2026-05-12 — provider concentration deep-dive.** Two providers own 87% of the catalog. Two of the next eight providers are zombies (0% healthy but still listed). Both findings have direct agent-routing consequences worth surfacing before the next x402 outage.

I'm also running a 14-day operator-outreach experiment until 2026-05-19 to see whether the verified-badge program scales beyond the first organic operator who sent us mail unsolicited. Issue #3 (2026-05-26) will be the first read on that data.

If you want the reduction-in-loss-surface number specific to your agent (catalog filter + price band + provider mix), [`hello@x402station.io`](mailto:hello@x402station.io) — happy to run the numbers.

— Team (x402station)
