Coinbase’s push to stitch AI into everyday crypto activity is live — but early usage numbers suggest the market is still finding its footing.
Base, Coinbase’s Ethereum layer‑2, has launched Base MCP, a chat‑driven interface that lets AI agents perform on‑chain tasks from inside a conversation. The system plugs into large language models including Anthropic’s Claude and OpenAI’s ChatGPT, enabling users to transfer funds, swap tokens, check balances and pull up transaction history without leaving the chat window. Integrations include DeFi and crypto apps such as Morpho, Moonwell, Uniswap, Aerodrome, Avantis, Bankr and Virtuals.
Interactions happen through the agent, which proposes actions that users must approve via a separate wallet window; the agent does not have access to private keys. Lincoln Murr, Coinbase’s head of AI Product, described Base MCP to Fortune as “a wrapper on top of existing APIs” that keeps a user’s trade history and portfolio synced across both in‑agent and in‑app activity. Coinbase says every proposed transaction follows the same review flow as standard Base account requests, simulates asset changes before confirmation, and does not move funds without an explicit user approval.
One key element of the rollout is that Base MCP is expected to expand activity on x402, the agentic payment protocol Coinbase introduced in May 2025 to let AI agents handle small crypto payments and power a micro‑transaction economy. But adoption is nascent: x402 has processed only about $1.1 million in volume over the last 30 days, per x402scan — a reminder that the agentic payments market remains experimental.
That cautious usage level helps explain why security researchers are urging restraint. A recent paper co‑authored by Google and multiple universities argues AI agents should be treated as untrusted components, warning that adversaries can manipulate agents by embedding hidden or malicious instructions in the data they process. Those concerns have real precedents: developer platform Socket recently uncovered malware aimed at crypto developers that hijacked AI coding tools by injecting concealed instructions to alter behavior.
Supporters of Base MCP say the confirmation step — and simulated previews of asset changes — address the main risks of agentic workflows. Critics counter that prompt‑injection and similar attack vectors run deeper than any single guardrail, and that broader architectural and threat‑model changes will be needed before AI agents can be widely trusted to manage funds.
For now, Base MCP represents a major push toward conversational, agent‑driven crypto tooling. Its uptake and the x402 payments ledger will be closely watched as the industry balances the promise of seamless AI interactions against a still‑evolving security landscape.
Read more AI-generated news on: undefined/news
