Agentic AI is poised to transform the way users engage with their crypto wallets — especially in areas like trading and payments. Industry leaders in both AI and blockchain believe this technology can be secure, though it inevitably introduces new kinds of risks.
Just last week, crypto exchange Coinbase unveiled Payments MCP, a new tool that gives AI agents access to the same on-chain financial capabilities available to human users.
When integrated with large language models (LLMs) such as Claude, Gemini, or Codex, Coinbase’s new tool enables AI agents to autonomously access crypto wallets and execute payments, the Coinbase Developer Platform said in a statement.
Powered by Payments MCP, these AI agents can perform tasks like making payments, processing computations, retrieving paywalled data, tipping creators, and managing select business operations through the x402 protocol — an open, web-native payment standard that supports instant stablecoin transfers, according to Coinbase.
“This marks a new era of agentic commerce, where AI agents can actively participate in the global economy,” the Coinbase Developer Platform said.
Agentic AI in crypto can be safe — but with caveats
Aaron Ratcliff, attributions lead at blockchain intelligence firm Merkle Science, told Cointelegraph that granting an AI agent access to a crypto wallet introduces a layer of trust into a system built to be trustless.
He explained that such systems can be secure if designed properly, but ultimately, “the safety depends on the user.”
“Safe use depends on users who understand how to prompt and on the AI pulling blockchain data without hallucinating. It also depends on the trading credentials staying secure; if trading credentials leak, the damage writes itself.”
AI in your portfolio could introduce new security risks
A survey conducted in April by crypto data aggregator CoinGecko, which polled 2,632 crypto users, found that most investors are open to letting AI trade on their behalf — with 87% saying they’d trust AI agents to manage at least 10% of their crypto portfolios.
However, Ratcliff warned that integrating AI into portfolio management brings its own set of vulnerabilities that malicious actors could exploit. For example, prompt or instruction injection attacks could allow hackers to manipulate the AI’s behavior and take control of the system.
Other threats include man-in-the-middle attacks, where an attacker intercepts communications to steal data or redirect trades.
“The AI might also end up interacting with scam tokens, miss identifying honeypots or rug pulls, or handle slippage so poorly that it ends up burning users’ funds,” Ratcliff cautioned.
“I’d want proof that the AI can catch front-running, apply slippage limits, spot scam tokens, and audit contracts in real time before it makes a trade. It should also sandbox prompts, prevent injection, and block man-in-the-middle access.”
At the same time, Ratcliff noted that compliance gaps could also pose problems — for instance, if there are no safeguards preventing an AI from transferring funds to a sanctioned address or exchange.
Even with safeguards, users should stay vigilant
Speaking to Cointelegraph, Sean Ren, co-founder of AI-native blockchain platform Sahara AI, explained that Coinbase’s system employs model context protocols, which he described as “the gold standard for safety when configured correctly.”
“These protocols act as a gatekeeper between the AI model and your wallet,” Ren said. “The agent can only perform specific, pre-approved actions — such as checking balances or preparing a transaction for user confirmation — rather than moving funds or altering wallet settings independently.”
He added that these restrictions are built into the system’s design, so even if someone attempts a prompt injection attack, the AI cannot execute a transaction on its own.
However, Ren cautioned that “safer” doesn’t mean foolproof — users must still stay attentive to how their AI agents manage their portfolios.
“Users still need to stay alert, double-check what they’re approving, and never assume the agent’s doing the right thing automatically. You still have to review and sign transactions.”
AI agents are still in their early stages
Brian Huang, co-founder and CEO of Glider, an AI-powered crypto portfolio management platform, told Cointelegraph that while features like sending, swapping, and lending are solid starting points for AI agents, the technology is still in its infancy.
“These are basic tasks that can be done with a single click — you wouldn’t ask ChatGPT to Venmo your friends, right?” Huang said. “In many cases, using agents to perform these actions actually takes longer.”
“Agents, by contrast, are more like assistants, we all know DeFi is too complicated to participate in. These agents can help users get onboarded and feel guided through the process.”
Huang expects that more advanced capabilities — such as portfolio management, rebalancing, and personalized financial advice — will emerge next, representing more impactful use cases for AI agents.
“The level of customization agents can offer, and the sheer number of variables they can analyze, far exceed what any human advisor can deliver,” he said.
