Two months ago I wrote up a probe of every x402 endpoint on agentic.market — 20,338 endpoints, 161 listed at ≥ $1,000 USDC per call, aggregate sticker price across the trap zone $4.5M.
The catalog has grown 2.4× since then. The honeypot zone has grown 5×.
Correction, 2026-05-31: The concentration paragraph in this May 5 snapshot used raw catalog path counts. We now separate raw catalog paths from effective endpoint supply after adding `wildcard_402` and `spa_fallback` detection for providers that answer arbitrary non-catalog paths. The historical snapshot stays intact; current concentration math lives at /reports/provider-concentration.json.
I now run a payment-safety guard for x402 agents — x402station-middleware, a drop-in fetch wrapper that calls /preflight before every PAYMENT-SIGNATURE your agent signs and refuses on critical signals. This post is the 60-day update: what's grown, what's gotten worse, and what Guard blocked before agents could pay.
TL;DR
- 49,314 active endpoints across 658 services (was 20,338 / 516 on 2026-04-29 — +142% endpoints, +28% services).
- 74 endpoints still listed at ≥ $1,000 USDC. Aggregate sticker price across them: $23.2M USDC (was $4.5M — +416%). One provider lists 10 swarm endpoints at $500,000 USDC each. An agent that signs `transferWithAuthorization` against one of those drains the entire wallet.
- Catalog concentration nearly doubled. Two providers now own 87% of the catalog (`orbisapi.com` 65.3% + `lowpaymentfee.com` 21.6%). On Apr 29 it was one provider at 52%. "Pick a random x402 endpoint" almost always picks inside the same two billing namespaces now.
- 14 services are 100% erroring in the last hour but still listed `is_active: true` with current prices. Zombies survive because the catalog updates from provider self-reports + paid-call outcomes — a service nobody pays generates no negative signal.
- The community facilitator at `x402.org/facilitator` still doesn't support Base mainnet. Coinbase CDP rejects payments under `$0.001`, so $0.001 remains the floor for any mainnet pre-flight billing.
What Guard blocks before payment
wrapWithPreflight() is one line of code:
```ts
import { wrapFetchWithPaymentFromConfig } from "@x402/fetch";
import { ExactEvmScheme } from "@x402/evm";
import { privateKeyToAccount } from "viem/accounts";
import { wrapWithPreflight } from "x402station-middleware";

// Agent wallet key, read from the environment.
const account = privateKeyToAccount(process.env.AGENT_PRIVATE_KEY as `0x${string}`);

// Payment-capable fetch for Base mainnet (eip155:8453).
const x402Fetch = wrapFetchWithPaymentFromConfig(fetch, {
  schemes: [{ network: "eip155:8453", client: new ExactEvmScheme(account) }],
});

// One line: preflight runs before every paid x402 request, fail-closed by default.
const safeFetch = wrapWithPreflight(x402Fetch);

const res = await safeFetch("https://api.example.com/x402-endpoint", { method: "POST" /* ...other request options */ });
// ↑ throws PreflightBlockedError if the endpoint is decoy / zombie / dead / never_paid_zombie.
```
Against the current catalog, that single wrap call would refuse to sign payment for:
- 74 endpoints flagged `decoy_price_extreme` (price ≥ $1,000 USDC).
- ~30+ services flagged `dead` or `zombie` over the last hour or 7-day window.
- Anything flagged `never_paid_zombie` (CDP-confirmed zero successful payments + 100% erroring; a class of trap that probe-only monitors miss but our CDP Bazaar enrichment catches).
- Any URL in our blacklist via `catalog_decoys` (one paid call, full known-bad list, refreshed every 10 minutes).
The pricing distribution today
The fat-tail trap pattern hasn't gone away — it's gotten more severe. Pricing distribution across the active catalog right now:
| price band (USDC) | endpoints | % of catalog |
|---|---|---|
| = 0 | 133 | 0.3% |
| 0 < p ≤ $0.001 | 16,855 | 34.2% |
| $0.001 < p ≤ $0.01 | 18,456 | 37.4% |
| $0.01 < p ≤ $0.1 | 12,051 | 24.4% |
| $0.1 < p ≤ $1 | 549 | 1.1% |
| $1 < p ≤ $10 | 91 | 0.2% |
| $10 < p ≤ $100 | 18 | <0.1% |
| $100 < p ≤ $1,000 | 3 | <0.1% |
| > $1,000 | 74 | 0.15% |
The relevant frame for an agent: 96% of the catalog is below $0.10/call. The honeypot zone is statistically rare (0.15%) but absolute-dollar massive ($23.2M sticker total). An agent doing breadth-first sampling, or filtering "all endpoints in category X" without an upper-bound check, will hit the trap zone within hours.
The single most expensive cluster I see: 10 endpoints from one provider's /swarm/ namespace, each priced at $500,000 USDC. The endpoint description sounds plausible ("Coordinated multi-agent search"). They return HTTP 402 consistently — they're functional payment requesters, just at trap-level prices. Sign one and the wallet is empty.
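The upper-bound check described above can also be enforced locally on the parsed 402 requirement before anything is signed. This is an added example, not code from x402station-middleware or @x402/fetch; the `PaymentRequirement` and `SpendPolicy` shapes and their field names are assumptions, and the sample values are constructed.

```typescript
// Added example, not @x402 or x402station code. Field names are assumptions.
interface PaymentRequirement {
  network: string;      // e.g. "eip155:8453"
  asset: string;        // token identifier (assumed field)
  amountAtomic: string; // integer string in base units (USDC has 6 decimals)
}
interface SpendPolicy { capUsdc: string; networks: string[]; assets: string[] }
type Verdict = { sign: boolean; reason: string };

const USDC_DECIMALS = 6;
const stripZeros = (s: string): string => s.replace(/^0+(?=\d)/, "");

// Decimal USDC string ("0.10") -> base units, with no floating point involved.
function toAtomic(usdc: string): string {
  const m = /^(\d+)(?:\.(\d{0,6}))?$/.exec(usdc);
  if (!m) throw new Error("bad USDC amount: " + usdc);
  let frac = m[2] || "";
  while (frac.length < USDC_DECIMALS) frac += "0";
  return stripZeros(m[1] + frac);
}

// Compare two non-negative integer strings; returns -1, 0 or 1.
function cmpAtomic(a: string, b: string): number {
  const x = stripZeros(a), y = stripZeros(b);
  if (x.length !== y.length) return x.length < y.length ? -1 : 1;
  return x === y ? 0 : x < y ? -1 : 1;
}

// Runs on the parsed 402 requirement, before anything is signed.
// Anything malformed or outside policy is refused (fail closed).
function checkBeforeSigning(req: PaymentRequirement, policy: SpendPolicy): Verdict {
  if (!/^\d+$/.test(req.amountAtomic)) return { sign: false, reason: "amount_not_integer" };
  if (policy.networks.indexOf(req.network) < 0) return { sign: false, reason: "network_not_allowed" };
  if (policy.assets.indexOf(req.asset) < 0) return { sign: false, reason: "asset_not_allowed" };
  if (cmpAtomic(req.amountAtomic, toAtomic(policy.capUsdc)) > 0) return { sign: false, reason: "over_cap" };
  return { sign: true, reason: "ok" };
}

// Constructed samples: a $500,000 listing and a $0.001 listing.
const policy: SpendPolicy = { capUsdc: "0.10", networks: ["eip155:8453"], assets: ["USDC"] };
const swarm: PaymentRequirement = { network: "eip155:8453", asset: "USDC", amountAtomic: "500000000000" };
const cheap: PaymentRequirement = { network: "eip155:8453", asset: "USDC", amountAtomic: "1000" };
console.log(checkBeforeSigning(swarm, policy), checkBeforeSigning(cheap, policy));
```

The asset allowlist matters because a cap expressed in USDC base units says nothing about a token with a different decimal count or value.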
The concentration problem got worse
In April, one provider (lowpaymentfee.com) owned 52% of the catalog. Today, two providers own 87%:
| provider | endpoints | % of catalog |
|---|---|---|
| orbisapi.com | 32,214 | 65.3% |
| lowpaymentfee.com | 10,659 | 21.6% |
| paysponge.com (Sponge) | 510 | 1.0% |
| freepik.com (Freepik) | 345 | 0.7% |
| x402.aurelianflo.com | 340 | 0.7% |
Strip the multiplicity providers and there are roughly 600 distinct services. When an agent prompt says "pick any random x402 inference endpoint", it's overwhelmingly picking inside one of two billing namespaces.
That's not inherently a security risk — orbisapi and lowpaymentfee both run real services. But it is a systemic risk: any rate-limit, key revocation, or operational issue at one of those two providers takes down the majority of the catalog at once. Guard surfaces this via metadata.high_concentration so an agent can decide whether to single-source.
Why facilitator-based monitors miss this
Tools like x402gle, 402index.io, and x402list.fun see only successful payments — i.e. the endpoints agents already pay. They miss:
- Endpoints listed at trap prices that nobody pays (no settlement → no record)
- Zombies (100% erroring) that still list `is_active: true`
- Endpoints with zero successful payments ever (`never_paid_zombie`)
Independent probing closes that visibility gap. Every active endpoint, every 10 minutes, naked HTTP. We record status, latency, network errors. Guard's preflight builds on that data + Coinbase Bazaar enrichment (CDP-confirmed real payment volume) to score each URL before the agent signs.
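How probe data plus a settlement count yields these flags, and which flagged endpoints a settlement-only monitor never sees, as an added example that is not x402station's code. The record shapes, the `paidCallsEver` field and the definition of an erroring probe (network error or 5xx) are assumptions; the catalog and probe rows are constructed.

```typescript
// Added example, not x402station's code. Record shapes and the definition of an
// "erroring" probe (network error or 5xx) are assumptions; sample data is constructed.
interface CatalogEntry { url: string; isActive: boolean; priceUsdc: number; paidCallsEver: number }
interface Probe { url: string; ts: number; status: number | null } // null = network error

const HOUR_MS = 60 * 60 * 1000;
const DECOY_PRICE_USDC = 1000;

function isErroring(p: Probe): boolean {
  return p.status === null || p.status >= 500;
}

// Flags follow the definitions given in the post; "dead" is not defined there and is omitted.
function classify(entry: CatalogEntry, probes: Probe[], now: number): string[] {
  const flags: string[] = [];
  if (entry.priceUsdc >= DECOY_PRICE_USDC) flags.push("decoy_price_extreme");
  const recent = probes.filter(p => p.url === entry.url && p.ts <= now && now - p.ts <= HOUR_MS);
  const allErroring = recent.length > 0 && recent.every(isErroring);
  if (entry.isActive && allErroring) {
    flags.push(entry.paidCallsEver === 0 ? "never_paid_zombie" : "zombie");
  }
  return flags;
}

// Flagged endpoints with no settlement on record: invisible to a monitor that
// only observes successful payments.
function settlementBlindSpots(catalog: CatalogEntry[], probes: Probe[], now: number): string[] {
  return catalog
    .filter(e => e.paidCallsEver === 0 && classify(e, probes, now).length > 0)
    .map(e => e.url);
}

const now = 10 * HOUR_MS;
const catalog: CatalogEntry[] = [
  { url: "https://a.example/swarm/search", isActive: true, priceUsdc: 500000, paidCallsEver: 0 },
  { url: "https://b.example/infer", isActive: true, priceUsdc: 0.01, paidCallsEver: 0 },
  { url: "https://c.example/ocr", isActive: true, priceUsdc: 0.005, paidCallsEver: 40 },
  { url: "https://d.example/quote", isActive: true, priceUsdc: 0.001, paidCallsEver: 900 },
];
const probes: Probe[] = [
  { url: "https://a.example/swarm/search", ts: now - 600000, status: 402 },
  { url: "https://b.example/infer", ts: now - 3 * HOUR_MS, status: 402 }, // outside the window
  { url: "https://b.example/infer", ts: now - 600000, status: null },
  { url: "https://b.example/infer", ts: now - 1200000, status: 503 },
  { url: "https://c.example/ocr", ts: now - 600000, status: 500 },
  { url: "https://d.example/quote", ts: now - 600000, status: 402 },
];
console.log(catalog.map(e => e.url + " -> " + classify(e, probes, now).join(",")));
```

A probe that returns 402 counts as healthy here, which is why the $500,000 listing is caught only by the price rule.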
Install Guard before your agent gets a wallet
If your agent pays x402 endpoints and you haven't wired up a safety check, x402station-middleware is one line of code:
```sh
npm install x402station-middleware
```

```ts
import { wrapWithPreflight } from "x402station-middleware";
const safeFetch = wrapWithPreflight(x402Fetch);
```
Default fail-closed. Preflight is $0.001 per call (the CDP floor). Bulk pre-flight credits cut that to $0.0005/call ($0.50 for 1000 prepaid). If preflight is unreachable (network blip, 503, timeout), the call throws PreflightUnavailableError rather than silently passing — override with failOpen: true only if availability matters more than safety.
MCP version: npx -y x402station-mcp (10 tools, drops into Claude Code / Cursor / Windsurf / Continue).
Service operators: there's a reciprocal flow at /verified — $1 USDC for a 30-day signed audit certificate that proves your endpoints aren't on the blacklist. Agents using Guard prefer verified endpoints when routing alternatives.
What's next
This is issue #1 of x402station Weekly — a recurring snapshot of what's moving in the x402 ecosystem. The data behind this post refreshes hourly at /reports/latest.json.
Next snapshot: 2026-05-12 — provider concentration deep-dive. Two providers own 87% of the catalog. Two of the next eight are zombies (0% healthy but still listed). Both findings have direct agent-routing consequences worth surfacing before the next x402 outage.
I'm also running a 14-day operator-outreach experiment until 2026-05-19 to see whether the verified-badge program scales beyond the first organic operator who sent us mail unsolicited. Issue #3 (2026-05-26) will be the first read on that data.
If you want the reduction-in-loss-surface number specific to your agent (catalog filter + price band + provider mix), hello@x402station.io — happy to run the numbers.
— Team (x402station)