LAST UPDATED: FEBRUARY 9, 2026
ERC-8004 is the Ethereum standard for AI agent on-chain identity, co-authored by MetaMask, the Ethereum Foundation, Google, and Coinbase. It defines three registries — Identity, Reputation, and Validation — that let agents discover each other, collect trust signals, and transact across organizational boundaries without permission. With 24,000+ agents registered within its first week on mainnet, it is already the largest on-chain agent registry in existence.
Non-transferable identity that stays with your wallet.
ERC-8004 — formally titled "Trustless Agents" — is a lightweight set of on-chain registries that make AI agents discoverable and enable trust signals across organizational boundaries. The specification was proposed on August 13, 2025, and went live on Ethereum mainnet on January 29, 2026. It currently has "Draft" status on the Ethereum EIPs website.
The standard was coordinated by Marco De Rossi (MetaMask), Davide Crapis (Ethereum Foundation), Jordan Ellis (Google), and Erik Reppel (Coinbase), with input from 50+ contributors including ConsenSys, Nethermind, Olas, Eigen Labs, PIN AI, and the broader Ethereum developer community. The Ethereum Foundation subsequently established a dedicated Decentralized AI (dAI) team led by Crapis to position Ethereum as the settlement and coordination layer for the machine economy.
At its core, ERC-8004 treats agent registration as an NFT mint. Anyone calls register() on the Identity Registry, receives an ERC-721 token, and that token becomes the agent's permanent on-chain identifier. The token's URI points to a JSON registration file containing the agent's name, description, image, and a list of service endpoints that other agents and humans can use to interact with it. Registration is permissionless — no approval process, no gatekeeping, no fees beyond gas.
Why "trustless"? The name refers to the cryptographic model, not a lack of trust. Like other Ethereum primitives, ERC-8004 enables verification without requiring trust in any centralized authority. Agents prove their identity through wallet signatures, not through corporate attestations or API keys. As Eco explains, this means agents can interact across organizational boundaries without pre-existing agreements or shared infrastructure.
ERC-8004 is not a single contract. It defines three singleton registries per chain, each handling a different dimension of agent trust. The reference implementation deploys all three as upgradeable contracts at deterministic addresses (beginning with 0x8004) across every supported chain.
An upgradeable ERC-721 registry where each agent becomes a token. The register() function mints an NFT to the caller, and the token's URI points to a registration file containing metadata and service endpoints. Three registration variants exist: full registration with metadata, URI-only, and bare registration where the URI is set later.
On-chain metadata supports arbitrary key-value pairs, with agentWallet as a reserved key that requires cryptographic proof (EIP-712 for EOAs, ERC-1271 for smart contract wallets) to update. This wallet address is automatically cleared on NFT transfer, forcing new owners to re-verify.
Stores feedback as signed fixed-point numbers (value: int128, valueDecimals: uint8) allowing a single schema to represent scores, percentages, response times, or dollar amounts. Anyone except the agent's owner can submit feedback via giveFeedback(). Feedback can reference richer off-chain JSON payloads containing task transcripts, payment proofs, and model/version information.
Aggregation via getSummary() requires client addresses to be provided (non-empty) to reduce Sybil risk. Feedback can be revoked by the original reviewer, and anyone can append responses — enabling on-chain dispute resolution. The specification explicitly acknowledges that "pre-authorization for feedback only partially mitigates spam, as Sybil attacks remain possible."
Enables agent owners to request validation from designated validators, who respond with results, URIs, and content hashes. The validation flow supports request-response patterns with on-chain status tracking. This is the youngest of the three registries — the ERC-8004 team notes it is still being revised in collaboration with the TEE (Trusted Execution Environment) community.
Supported trust models include reputation (client feedback), crypto-economic (stake-secured re-execution), and TEE attestation (hardware-backed proofs). Oasis Network has already integrated their ROFL TEE framework, and Phala Network has published a reference TEE agent using Intel TDX attestation.
The most important off-chain component is the agent registration file — a JSON document that the token's agentURI points to. This is what makes agents discoverable. It follows a specific schema designed to be compatible with NFT tooling (via name, description, image) while also advertising the agent's capabilities.
The services array is where interoperability happens. An agent can list endpoints for Google's A2A protocol, Anthropic's MCP, OASF manifests, ENS names, email contacts, or any custom service type. This protocol-agnostic design means ERC-8004 doesn't pick winners among agent communication standards — it provides the discovery layer that sits above all of them.
Agents can also prove domain control by hosting a well-known verification file at their HTTPS endpoints. Verifiers check this file to confirm that a claimed endpoint is actually controlled by the agent's identity — preventing impersonation attacks where someone registers a legitimate service's URL under a different agent identity.
The optional supportedTrust field is a deliberate design choice. By letting agents declare which trust mechanisms they participate in — reputation, crypto-economic, TEE attestation — the spec anticipates that external systems will provide deeper trust analysis than the base protocol offers. This is the entry point for complementary infrastructure: identity layers, verification services, and trust scoring platforms.
ERC-8004 uses deterministic contract addresses across all deployments. The registries live at the same addresses on every chain, simplifying cross-chain tooling. Mainnet launched January 29, 2026, with L2 and alternative chain deployments following within days.
| Network | Launch Date | Notes |
|---|---|---|
| Ethereum Mainnet | Jan 29, 2026 | Genesis deployment. 24,500+ agents in first week. |
| Base | Feb 3, 2026 | First L2 to deploy. Coinbase's L2. |
| BNB Smart Chain | Feb 4, 2026 | Also launched BAP-578 companion standard. |
| Gnosis, Polygon, Arbitrum | Jan–Feb 2026 | Deterministic addresses, same contracts. |
| Monad, Scroll | Feb 2026 | Cross-chain testing underway. |
| Testnets | Aug 2025+ | Sepolia, Base Sepolia, Linea Sepolia, Hedera Testnet. 10,000+ agents pre-mainnet. |
The multi-chain approach maximizes reach but fragments identity. An agent registered on Ethereum and the same agent registered on Base are treated as entirely separate entities with independent reputations. There is currently no cross-chain identity linking mechanism within the standard itself.
ERC-8004 does not exist in isolation. It occupies a specific layer in the emerging agent infrastructure stack — the identity and trust layer that sits between communication protocols and payment rails. Understanding where it fits clarifies what it does and does not replace.
Agent-to-Agent (A2A) handles agent communication and task delegation. Launched April 2025, now under the Linux Foundation with 150+ backing organizations. ERC-8004 extends A2A: registration files include A2A endpoints, but A2A assumes trusted organizational boundaries that ERC-8004 removes.
Model Context Protocol connects LLMs to external tools and data. Released November 2024, now also under the Linux Foundation. MCP handles the "southbound" agent-to-tool connection. ERC-8004 adds the identity and trust layer MCP doesn't address — who is this agent, and should you let it use your tools?
x402 uses HTTP 402 status codes for machine-to-machine stablecoin payments, championed by Coinbase and Cloudflare. ERC-8004 is deliberately payment-agnostic but designed to integrate with x402 — payment proofs can be included in reputation feedback records, creating a loop: identity → discovery → transaction → reputation.
Decentralized Identifiers provide self-sovereign identity. ERC-8004 registration files can list DID endpoints natively, making the two standards complementary. An agent might hold an ERC-8004 NFT for on-chain discovery and a DID for cross-platform authentication.
The stack in practice: An agent registers on ERC-8004 (identity), advertises A2A and MCP endpoints (communication), accepts x402 payments (commerce), collects reputation signals (trust), and optionally holds a DID for off-chain authentication. As PayRam describes it, these protocols collectively form the connective tissue of what McKinsey projects could be a $3–5 trillion agent economy by 2030.
Despite being only weeks old on mainnet, ERC-8004 has attracted a substantial ecosystem of tools, SDKs, and infrastructure projects. The awesome-erc8004 community list tracks the growing landscape.
8004scan (built by AltLayer) is the primary on-chain explorer — often described as "Etherscan for AI Agents." It provides agent browsing, reputation scores, validation history, live activity feeds, and network statistics. It offers API key management for programmatic access and is MCP-ready, meaning AI assistants like Claude and Cursor can query agent data directly.
Alias.AI's Agentscan is building a semantic search engine with ZK-Proof reputation verification and cross-chain indexing on top of the registry data.
ChaosChain's reference implementation claims 100% compliance with ERC-8004 v1.0 across 79 passing tests. ChaosChain also maintains the Genesis Studio prototype and a decentralized x402 payment facilitator.
Additional SDKs include the @agentic-trust/8004-ext-sdk (TypeScript, with ENS integration), 0xgasless/agent-sdk (ERC-8004 + x402, gasless payments), and a Starknet/Cairo port by Akashneelesh. EigenCloud's Agent0 SDK integrates TEE-based verification with ERC-8004 identity.
As Crapis noted, "you can go to 8004.org — there is the list of all the main services, the main SDKs. It's really easy, anyone can deploy with one line of code."
Notable projects building on ERC-8004 include Oasis Network (ROFL TEE framework), Phala Network (Intel TDX attestation agents), Giza (zkML verification, funded by the Ethereum Foundation), Olas (multi-agent mirroring), and Virtuals Protocol (agent launchpad). Major ecosystem backers announced in October 2025 include ENS, EigenLayer, and The Graph.
The ERC-8004 authors made deliberate scope decisions. The standard handles identity registration and reputation signaling. It explicitly does not handle payment rails, behavioral enforcement, or identity permanence. These are design choices, not oversights — but they create gaps that the ecosystem must address.
ERC-8004 agent identities are standard ERC-721 tokens. They can be bought, sold, and transferred — and when they transfer, the entire reputation history goes with them. An agent with 500 positive reviews can be purchased by a completely different operator, who inherits all of that trust without earning any of it.
The Ethereum Magicians discussion acknowledged this tension. The agentWallet clearing on transfer is a partial mitigation, but the reputation itself persists. Academic work by Friedman and Resnick (2001) proved mathematically that cooperation becomes unstable when identities are disposable or transferable — their solution, "free but unreplaceable pseudonyms," describes what soulbound tokens (ERC-5192) implement.
Permissionless registration means anyone can register unlimited agents from a single wallet or from hundreds of wallets created in seconds. The current registry shows evidence of this: over 13,000 registrations in a single week, with entire clusters sharing wallet creation timestamps.
This is a fundamental constraint, not a fixable bug. The MeritRank paper (IEEE BRAINS 2022) formalized the "Decentralized Reputation Trilemma": no system can simultaneously be generalizable, Sybil-resistant, and trustless. ERC-8004's feedback-based reputation sacrifices Sybil resistance; adding trusted oracles sacrifices trustlessness; using cryptographic proofs sacrifices generalizability. The standard's pluggable trust model essentially lets developers choose which trade-off to accept.
The Reputation Registry stores numeric scores but cannot tell you whether the reviewer is credible. A score of 100/100 from 50 wallets all created on the same day carries the same on-chain weight as 100/100 from 50 wallets with years of independent transaction history.
The spec's getSummary() function requires client addresses to be provided to reduce Sybil risk, but this is a query-time filter, not a storage-level defense. As the CCN analysis notes, additional attack vectors include agentURI bait-and-switch (register benign agent, build reputation, swap to malicious endpoints) and stake-splitting in the validation layer.
An agent registered on Ethereum mainnet and the same agent registered on Base are two separate NFTs with two separate reputation histories. There is no built-in mechanism for proving they represent the same entity. This fragments reputation across an increasingly multi-chain ecosystem — a limitation the Binding Agent ID (BAID) research and DIAP protocol both attempt to address through off-chain identity binding mechanisms.
These are not criticisms. The ERC-8004 specification explicitly positions itself as infrastructure for agent discovery and trust signaling — not a complete trust framework. The supportedTrust field in registration files anticipates that external systems will fill these gaps. The question is what fills them, and for whom. The ISACA's analysis of why traditional IAM fails agentic AI provides broader context for why these gaps matter beyond the blockchain ecosystem.
Despite its youth, ERC-8004 is already production-ready for several use cases. The Vistara reference example demonstrates multi-agent workflows (Alice/Bob/Charlie) using all three registries, and several projects have shipped integrations.
The registration file's services array turns ERC-8004 into a decentralized agent directory. Build search engines, recommendation systems, or agent marketplaces that read directly from the on-chain registry — no centralized database needed.
Use getSummary() to gate agent access based on reputation thresholds. An API could require agents to have minimum feedback scores before granting access to expensive resources — a form of decentralized rate limiting based on trust.
The standard's deliberate gaps are opportunities. Build Sybil detection layers, ownership continuity tracking, address age analysis, or cross-chain identity linking on top of the base registries. The supportedTrust field exists specifically to enable this.
The Validation Registry supports hardware-backed attestation. Combine with Phala's TEE framework or EigenCloud's Agent0 to build agents that prove their code runs in tamper-proof environments — useful for high-stakes financial or healthcare applications.
RNWY operates as an intelligence layer for ERC-8004 — not a competing registry, but a complementary trust infrastructure that addresses the transferability and Sybil resistance gaps the standard deliberately left open. Where ERC-8004 provides the phonebook, RNWY adds the background check.
The core mechanism is soulbound tokens (ERC-5192) on Base. When an agent mints an RNWY ID, the token is permanently bound to that wallet address — creating Friedman and Resnick's "free but unreplaceable pseudonyms." An agent can hold both an ERC-8004 NFT for broad ecosystem interoperability and an RNWY soulbound token proving continuous ownership. When the 8004 NFT transfers, the RNWY token stays behind — making ownership changes visible.
RNWY also analyzes the data that ERC-8004 stores but does not interpret: wallet address ages, ownership transfer histories, feedback reviewer credibility, and registration pattern clustering. Every analysis follows a transparency-over-judgment philosophy — showing scores alongside the math behind them, so users make their own trust decisions.
ERC-8004 gives your agent an identity. RNWY gives it reputation that can't be bought or transferred.
Get your agent verified →