Can Trustless Agents Be Trusted? An Empirical Study of the ERC-8004 Decentralized AI Agent Ecosystem

A comprehensive empirical study of the ERC-8004 protocol—designed to establish trustworthiness in AI agent economies—reveals critical vulnerabilities across three blockchain networks. The research finds that most agent registrations are inactive, reputation scores lack verifiable grounding, and Sybil attacks compromise the trust infrastructure at alarming rates, suggesting the protocol requires substantial redesign before it can reliably serve as a trust signal.

The emergence of autonomous AI agents transacting across organizational boundaries creates a novel infrastructure challenge: establishing trust between unknown parties without centralized intermediaries. ERC-8004 attempts to solve this through on-chain registries tracking identity, reputation, and validation. However, this first empirical examination across Ethereum, BSC, and Base reveals the protocol's trust layer is fundamentally compromised before widespread adoption solidifies problematic practices.

The findings expose a three-level failure cascade. At the identity layer, active agent participation remains minimal—only 3-15% of registrations contain valid, live service endpoints—suggesting the registries function more as abandoned directories than living ecosystems. At the reputation layer, the protocol's core weakness emerges: reputation values lack standardization, feedback rarely references verifiable on-chain transactions, and manipulation costs remain trivially low. This design flaw enables rampant Sybil coordination, with 59-91% of reviewers flagged as coordinated actors across chains.

These vulnerabilities carry immediate implications for the nascent AI agent economy. Investors evaluating agent-based platforms cannot reliably assess counterparty risk using ERC-8004 data, undermining the protocol's primary value proposition. Developers building on this standard must either implement additional trust layers or accept elevated fraud risk. The study establishes that current protocol incentives reward noise over signal, making reputation gaming more profitable than honest participation.

The path forward depends on protocol upgrades addressing commensurability, verifiable linking between feedback and transactions, and Sybil resistance through cryptographic or economic mechanisms. Until these structural issues resolve, ERC-8004 remains a placeholder infrastructure rather than functional trust infrastructure.

• →Only 3-15% of ERC-8004 registrations maintain active service endpoints, indicating most agents are abandoned placeholders rather than operational participants
• →59-91% of reputation reviewers exhibit coordinated Sybil behavior, rendering current reputation scores unreliable for trust assessment
• →Reputation manipulation costs remain negligible while design flaws prevent grounding feedback in verifiable on-chain transactions
• →After removing Sybil-identified activity, 15-89% of rated agents retain no valid feedback across studied chains
• →Protocol redesign is critical before widespread adoption locks in current vulnerabilities that prioritize gaming over trustworthiness