AI agents controlling crypto wallets enable autonomous trading and payments, as seen with Coinbase’s Payments MCP tool, but they introduce security risks like prompt injection if not properly managed. Executives emphasize building trustless systems with user oversight to mitigate potential exploits.
-
Agentic AI reshapes crypto interactions by allowing LLMs like Claude and Gemini to access wallets without API keys.
-
Coinbase’s Payments MCP facilitates instant stablecoin payments and business operations via the x402 protocol.
-
87% of crypto users in a CoinGecko survey are open to AI managing at least 10% of their portfolios, per April data.
Discover how AI agents controlling crypto wallets are transforming trading and payments. Learn risks, safeguards, and expert insights from blockchain leaders. Stay informed on agentic AI’s future in crypto security.
What Are AI Agents Controlling Crypto Wallets?
AI agents controlling crypto wallets refer to advanced artificial intelligence systems that autonomously interact with blockchain-based financial tools, such as sending payments or executing trades. Introduced by platforms like Coinbase through tools such as Payments MCP, these agents integrate with large language models (LLMs) like Claude, Gemini, and ChatGPT to handle on-chain activities without requiring traditional API keys. This development marks a shift toward agentic commerce, where AI can operate independently in the global economy while users maintain oversight.
How Safe Is Agentic AI for Managing Crypto Assets?
Agentic AI can enhance crypto wallet management if implemented with robust security measures, according to Aaron Ratcliff, attributions lead at blockchain intelligence firm Merkle Science. He notes that granting AI access to wallets introduces a layer of trust into inherently trustless systems, but safety hinges on proper system design and user vigilance. For instance, users must craft precise prompts to avoid AI hallucinations when pulling blockchain data, and trading credentials need ironclad protection to prevent leaks that could lead to significant losses.
Ratcliff highlights that while AI streamlines interactions, it also opens doors to vulnerabilities. Bad actors might exploit prompt injection to hijack instructions or launch man-in-the-middle attacks to intercept and redirect trades. Additionally, AI could inadvertently engage with scam tokens, fall into honeypot traps, or mishandle slippage, resulting in fund depletion. To counter these, effective AI systems should include real-time contract audits, slippage limits, front-running detection, and sandboxed prompts to block unauthorized access.
Compliance remains a concern, as unchecked AI might route funds to sanctioned addresses or prohibited exchanges. Ratcliff stresses that users bear ultimate responsibility, advocating for tools that enforce regulatory adherence without compromising efficiency. Data from an April CoinGecko survey of 2,632 users supports growing acceptance, with 87% comfortable delegating at least 10% of their portfolios to AI, underscoring the need for balanced innovation and caution.
Frequently Asked Questions
What Risks Come with AI Agents Controlling Crypto Wallets?
Key risks include prompt injection allowing unauthorized commands, man-in-the-middle attacks stealing trade data, and AI errors like interacting with rug-pulls or poor slippage management. Aaron Ratcliff from Merkle Science warns of compliance gaps, such as sending funds to sanctioned entities. Users should verify AI actions and use systems with built-in safeguards like real-time audits to minimize these threats, ensuring secure portfolio management.
How Does Coinbase’s Payments MCP Enable AI in Crypto Transactions?
Coinbase’s Payments MCP tool simplifies on-chain access for AI agents using the x402 protocol for instant stablecoin payments. It allows LLMs to handle wallets, on-ramps, and operations like tipping creators or retrieving paywalled data without API keys. As explained by the Coinbase Developer Platform, this setup promotes agentic commerce while restricting actions to approved functions, requiring user confirmation for transactions to maintain control.
Key Takeaways
- Empowerment through Autonomy: AI agents streamline crypto tasks like trading and payments, making DeFi more accessible via tools like Payments MCP.
- Security Imperative: While 87% of users trust AI for portfolio management per CoinGecko data, risks like prompt injection demand robust safeguards and user oversight.
- Future Potential: Experts like Brian Huang from Glider foresee advanced uses in rebalancing and personalized advice, urging early adoption with vigilance.
Conclusion
As AI agents controlling crypto wallets evolve, they promise to revolutionize how individuals and businesses engage with blockchain technology, from autonomous payments to sophisticated portfolio strategies. Insights from executives at Merkle Science, Sahara AI, and Glider highlight the importance of model context protocols and user diligence to navigate associated risks like injection attacks or compliance issues. With agentic AI still in its nascent stages, staying informed and implementing best practices will be crucial as this integration matures, potentially unlocking unprecedented efficiency in the crypto ecosystem.
AI and blockchain executives have shared their thoughts and concerns as AI agents take a step closer to potentially controlling one’s crypto wallets.
Agentic AI is likely to reshape how users interact with their crypto wallets in the future — particularly in trading and payments. While AI and blockchain executives note that it can be safe, it also won’t come without a new set of risks.
Last week, crypto exchange Coinbase announced its new tool, Payments MCP, which grants AI agents access to the same onchain financial tools used by people.
Announcing Payments MCP, the easiest way for AI agents to get onchain via x402. 🚀
It lets LLM models like Claude, Gemini, and ChatGPT gain access to onchain tools like wallets, onramp, and payments with no API key required. 🧵 pic.twitter.com/MSnIaecx0O
— Coinbase Developer Platform🛡️ (@CoinbaseDev) October 22, 2025
When the tool is paired with an LLM like Claude, Gemini and Codex, it allows them to access crypto wallets and make payments autonomously, the Coinbase Developer Platform said in a statement.
The AI agents powered by Payments MCP can pay for, compute, retrieve paywalled data, tip creators and manage certain business operations via the x402 protocol, an open, web-native payment protocol that facilitates instant stablecoin payments, according to the Coinbase Developer Platform.
“It marks a new phase of agentic commerce where AI agents can act in the global economy,” said the Coinbase Development platform.
Agentic AI in crypto can be safe
Aaron Ratcliff, the attributions lead at blockchain intelligence firm Merkle Science, told Cointelegraph that from a security standpoint, giving an AI agent access to your wallet adds a layer of trust to something designed to be trustless.
It can be safe if the system’s built correctly, but Ratcliff argues that “safety” ultimately rests with the crypto user.
“Safe use depends on users who understand how to prompt and on the AI pulling blockchain data without hallucinating. It also depends on the trading credentials staying secure; if trading credentials leak, the damage writes itself.”
AI in your portfolio can add extra security risks
An April survey of 2,632 crypto users from crypto data aggregator CoinGecko found that most users are comfortable with AI trading on their behalf; 87% said they would let AI agents manage at least a tenth of their crypto portfolio.
Ratcliff said there are some security risks that bad actors could exploit if AI is being used in one’s portfolio. Prompt or instruction injection could allow someone to hijack the system.
A man-in-the-middle attack, where the hacker inserts themselves between entities in a communication channel to steal data, could also redirect trades.
“The AI might also interact with scam tokens, miss honeypots or rug-pulls, or handle slippage so poorly it burns users’ funds,” Ratcliff added.
“I’d want proof that the AI can catch front-running, apply slippage limits, spot scam tokens, and audit contracts in real time before it makes a trade. It should also sandbox prompts, prevent injection, and block man-in-the-middle access.”
At the same time, Ratcliff believes compliance gaps could lead to issues, such as the absence of controls to prevent an AI from sending funds to a sanctioned address or an exchange.
Even if the AI has safeguards, still pay attention
Speaking to Cointelegraph, Sean Ren, co-founder of the AI-native blockchain platform Sahara AI, stated that in Coinbase’s case, the exchange’s tool utilizes model context protocols, “which are the gold standard for safety when set up correctly.”
“They essentially act as a gatekeeper between the AI model and your wallet. The agent can only perform specific, approved actions—such as checking balances or preparing a payment for you to confirm—rather than freely moving funds or changing wallet settings,” he said.
“Those actions are restricted by design, so even if someone tries to trick the AI through a prompt injection, for example, it can’t complete a transaction on its own,” Ren added.
However, Ren also said safer doesn’t mean foolproof, and users still need to pay attention to whatever the AI agent is doing with their portfolio.
“Users still need to stay alert, double-check what they’re approving, and never assume the agent’s doing the right thing automatically. You still have to review and sign transactions.”
Still early days for AI agents
Brian Huang, co-founder and CEO of Glider, a platform for AI-powered crypto portfolio management, told Cointelegraph that basic functionality, such as sending, swapping, and lending, is a great place to start with agents, but it’s still early days in the space.
Related: AI agents need crypto to operate in financial markets: Coinbase exec
“These are simple actions that can be done with a click — you’re not asking ChatGPT to Venmo your friends, right? Many of these actions take longer with agents,” he said.
“Agents, by contrast, are more like assistants, we all know DeFi is too complicated to participate in. These agents can help users get onboarded and feel guided through the process.”
Huang predicts that more sophisticated actions, such as portfolio management, rebalancing, and personalized financial advice, will likely follow and be more effective use cases.
“The customization that agents can provide here, the number of variables they can consider, is far superior to what any human can provide,” he said.
Magazine: How do the world’s major religions view Bitcoin and cryptocurrency?
