Every story about agents paying for things runs into the same wall: if an agent shows up to transact, how do you know which agent it is, who runs it, and whether it has any track record? Payments are getting solved. Identity is the harder half — and ERC-8004 is the standard trying to solve it onchain.
What ERC-8004 is
ERC-8004 defines onchain registries that give an autonomous agent a portable identity and reputation any other party can check, with no central gatekeeper. Instead of trusting a platform's claim that "this agent is legit," you read the registry. It is the agent-economy analog of what ENS did for names: a neutral, onchain source of truth that other contracts and agents can build on.
The standard centers on a small set of registries — identity (who an agent is), reputation (its history of interactions), and validation (attestations about its behavior). The important property is that no single company issues or revokes the identity. It lives onchain, and it is the agent's to carry across apps.
It is live, and it is being used
This is not a draft. As of SatoHub's latest on-chain check, the ERC-8004 Identity Registry on Ethereum mainnet held 34,821 registered agents. That number is the part worth sitting with: tens of thousands of agents already have an onchain identity, before most of the payment rails that will rely on it have fully shipped. The identity layer is, for once, slightly ahead of the thing it is meant to support.
A caveat in keeping with how we read every number: a registration is not a verification. The registry records that an agent exists and who controls it; it does not certify the agent is safe, reviewed, or good at its job. That is by design — identity and reputation are inputs to trust, not a stamp of it.
Why it matters now
Line up the announcements of the past month. Coinbase gave agents their own accounts. Mastercard is recording agent permissions onchain. A prompt-injection study showed agents can be hijacked. Academics warned about agents with wallets acting unpredictably. Every one of those problems gets easier if you can answer "which agent, controlled by whom, with what history?" — and harder if you cannot.
That is the bet behind ERC-8004: payments, permissions, and security all depend on identity, so put identity where anyone can verify it. An agent that can prove who it is can be given limits, reputation, and recourse. An anonymous one can only be trusted or blocked.
What it means if you're building
- ▸If you are building agents that transact with other agents, the registry is a primitive you can read today — check identity before you trust a counterparty.
- ▸Do not conflate registered with trustworthy. Use ERC-8004 as one input — identity and history — alongside your own limits and checks.
- ▸Identity pairs with the account-boundary pattern. Knowing who an agent is, plus capping what it can spend, is most of a working trust model.
What to watch
The open questions are adoption and meaning: whether the major payment rails — Coinbase's accounts, Mastercard's onchain credentials — read or write ERC-8004, and how reputation gets populated in a way that resists gaming. A registry is only as useful as the systems that consult it. The 34,000 agents are a start; the test is whether anyone checks.