TACEO, the company building software for secure computation on encrypted data, today releases a working implementation of confidential payments for x402, the open payment standard developed by Coinbase and Cloudflare and now governed by the Linux Foundation. The release is built on TACEO Merces, the team’s confidential-token protocol, and demonstrates that x402 does not need to broadcast every payment to be the internet’s payment layer.
The integration is live on Base Sepolia from today, with no waiting lights, gated partner programmes, or limited-access tiers. Any developer can build a confidential payment into their application in under five minutes using a public quickstart guide and software libraries. TACEO has also published a browser-based demo, so anyone – developer or not – can send a confidential x402 payment and see what stays protected on-chain.
x402 – the story so far:
Three developments in the past six weeks have brought x402 to the centre of payments and crypto infrastructure planning:
- The Linux Foundation launched the x402 Foundation on 2 April 2026, with founding members including Coinbase, Cloudflare, Stripe, Google, Microsoft, Visa, Mastercard, AWS, American Express, Circle and Shopify. Over 140 million x402 transactions have been processed to date, with annualised on-chain volume above $600 million.
- a16z crypto closed Crypto Fund 5 at $2.2 billion earlier this month, explicitly targeting payments infrastructure, stablecoins and AI-agent tooling.
- a16z general partner Ali Yahya named privacy “the most important moat in crypto”, arguing institutions will not scale on public-by-default blockchains.
The capital, the infrastructure and the thesis are converging on the same point: real businesses and autonomous agents need private payments on public rails.
The Hidden Privacy Gap:
x402 settles every payment as a standard ERC-20 transfer. The transaction amount is publicly visible on-chain, indefinitely, alongside the addresses involved and the timestamp. This is not a property most x402 users realise applies to them, because it is the opposite of how every familiar payment system works. Visa does not broadcast what each customer paid. Stripe does not publish a customer’s negotiated rate to the open web. The card on file at a SaaS provider does not expose monthly spend to competitors.
Standard x402 does. For an API provider, the consequence is exposed pricing, customer concentration and revenue trajectory, all of which competitors can extract from a block explorer. For an enterprise running autonomous agents, each agent making thousands of x402 payments per day produces a public map of internal operations: which vendors are used, how often, and at what cost. Neither is acceptable for production B2B flows.
The latent demand is already at internet scale. Cloudflare is serving over a billion HTTP 402 responses every day across its network, a figure its chief strategy officer Stephanie Cohen restated at Consensus Miami earlier this month. The gap between that demand and the much smaller on-chain volume is, in large part, the privacy gap.
What TACEO Merces brings to x402:
TACEO Merces uses multi-party computation and zero-knowledge proofs to make x402 payments confidential. From today, transaction amounts and account balances are encrypted: cryptographic commitments are stored on-chain in place of plaintext values. Selective disclosure is built in, so auditors and regulators can verify what they need to verify without seeing user data. Full privacy for sender and receiver addresses is documented on the protocol roadmap and is already working in the broader Merces stack outside the x402 integration.
The integration sits as a drop-in payment scheme alongside x402’s existing “exact” scheme, with the same HTTP request-response cycle and the same developer experience. On-chain proof verification runs at approximately 300,000 gas, roughly eight times cheaper than heavyweight zero-knowledge alternatives that exceed the average x402 payment in gas costs alone. Zero-knowledge proof generation runs in around 60 milliseconds in-browser, which is fast enough for real-time machine-to-machine payments. Confidential x402 is also compatible with AgentKit, so proof-of-human verification and confidential payment ride the same x402 round-trip.
The cryptography depends on no trusted hardware and no single operator. Computation is distributed across independent nodes on the TACEO Network, including operators at Nethermind and the Czech Technical University in Prague.
Lukas Helminger, CEO and co-founder, TACEO, commented: “x402 is the most serious attempt to put a payment layer into the internet since the original HTTP specification reserved that status code thirty years ago. The piece it has been missing is privacy. No business runs payroll, treasury or B2B flows on rails where every counterparty and every competitor can see every payment. People expect the same level of confidentiality from x402 that they already get from a credit-card transaction. With TACEO Merces we now have a working implementation that delivers exactly that, with the same developer experience x402 already offers, no trusted hardware, and no migration to a new chain.”
Now Live, What’s Next:
The full Confidential x402 system is operational on Base Sepolia from today, enabled by a 3-party MPC network, facilitator, on-chain contracts and a public faucet. The integration is open-source and registered as a standard x402 scheme through the @x402/evm SDK, the same way x402’s existing “exact” scheme is registered. Settlement currently runs on Base testnet to demonstrate what is possible, and TACEO can support settlement on other chains where there is demand.
TACEO Merces itself has been live for confidential payments since November 2025, with an operational dashboard from launch and an updated compliance dashboard from March 2026. The protocol’s full academic specification, including a universal-composability security proof and 300 transactions-per-second benchmarks across roughly five million demo transactions, is now on the Cryptology ePrint Archive as paper 2026/850, authored by Daniel Escudero, Florian Lugstein, Christian Rechberger, Verena Schröppel and Roman Walch.
