diff --git a/backend/services/auth-service/src/domain/aggregates/user.aggregate.ts b/backend/services/auth-service/src/domain/aggregates/user.aggregate.ts
index 837965b1..39e24a72 100644
--- a/backend/services/auth-service/src/domain/aggregates/user.aggregate.ts
+++ b/backend/services/auth-service/src/domain/aggregates/user.aggregate.ts
@@ -251,10 +251,10 @@ export class UserAggregate {
 }
 
 /**
- * 设置支付密码
+ * 设置支付密码(6位数字,使用独立的哈希逻辑,不走登录密码的格式验证)
 */
 async setTradePassword(newPlainPassword: string): Promise {
- const password = await Password.create(newPlainPassword);
+ const password = await Password.createWithoutValidation(newPlainPassword);
 this._tradePasswordHash = password.hash;
 this._updatedAt = new Date();
 }
diff --git a/backend/services/auth-service/src/domain/value-objects/password.vo.ts b/backend/services/auth-service/src/domain/value-objects/password.vo.ts
index dfb6f06d..7d84b17b 100644
--- a/backend/services/auth-service/src/domain/value-objects/password.vo.ts
+++ b/backend/services/auth-service/src/domain/value-objects/password.vo.ts
@@ -20,6 +20,14 @@ export class Password {
 return new Password(hash);
 }
 
+ /**
+ * 从明文密码创建(跳过格式验证,用于支付密码等有独立验证规则的场景)
+ */
+ static async createWithoutValidation(plainPassword: string): Promise {
+ const hash = await bcrypt.hash(plainPassword, Password.SALT_ROUNDS);
+ return new Password(hash);
+ }
+
 /**
 * 从已加密的 hash 重建
 */
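Review bot: The 6-digit rule named in the updated comment on `setTradePassword` is not enforced anywhere in the visible change. The method passes `newPlainPassword` straight to `Password.createWithoutValidation`, which (second hunk) hashes any string, including an empty one. If the format check lives only in a DTO or controller outside this diff, any other caller can still put the aggregate into an invalid state. A guard as the first statement of the method would keep the invariant in the domain layer, e.g. `if (!/^\d{6}$/.test(newPlainPassword)) throw new Error('trade password must be exactly 6 digits');`, using whatever domain error type the service already has.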
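Review bot: `createWithoutValidation` is a public static factory that hashes whatever string it receives, so a later caller could use it for a login password and silently skip the format rules the comment says it bypasses. Its doc comment should state the contract, for example `Callers must validate the input themselves; never use this for login passwords.`, or the factory could be narrowed to the trade-password case so the bypass cannot be reused. Separately, a 6-digit trade password has only 10^6 possible values, so bcrypt with `Password.SALT_ROUNDS` slows but does not prevent offline recovery if the stored hash is exposed. The verification path, which is not visible in this diff, should therefore enforce attempt limits or lockout.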