Base launches MCP tool to connect crypto wallets to AI agents
In brief
- Base MCP enables AI agents to transfer funds, swap tokens, and check balances with mandatory user confirmation
- Protocol integrates Morpho, Moonwell, Uniswap, Aerodrome, Avantis, Bankr, and Virtuals
- All transactions simulated and reviewed before execution; agents cannot access private keys
- Base MCP expands adoption of x402 protocol, Coinbase's agentic AI payment standard
How Base MCP Works
Base MCP allows users to ask AI agents to execute transactions across the Base ecosystem. When an agent proposes an action in chat, the Base wallet opens in a new window where users can review and confirm or cancel the transaction. Every transaction goes through the same review flow as any Base account request, with asset changes simulated before execution.
The security model is strict. The agent does not have access to private keys, and every action must be confirmed by the user. This design prevents unauthorized transactions even if an agent is compromised.
Protocol Integration and Adoption
The tool can interact with crypto protocols including Morpho, Moonwell, Uniswap, Aerodrome, Avantis, Bankr and Virtuals. Base MCP is designed to expand adoption of the x402 protocol, an agentic AI payment standard Coinbase launched in May 2025. The x402 protocol processed $1.1 million in volume over the past 30 days, indicating early traction for the payment standard.
Lincoln Murr, head of AI Product for Coinbase, emphasized the portability of user accounts across different AI interfaces. "Unlike siloed agentic wallets that only live in a terminal, your Base Account travels with you—trades, history, and portfolio sync whether you're in-agent or in the Base App," he told Fortune. Murr also described MCP as a "nice wrapper" on top of APIs that enables a new micro-transaction economy where agents can make tiny payments in crypto.
Security Considerations
The launch comes as researchers emphasize caution around AI agent security. A recent research paper from Google and leading universities stated that AI agents should be treated as an untrusted system component. Researchers warned that AI agents should clearly distinguish between instructions and untrusted data to avoid attackers duping the agent by hiding malicious instructions. The developer platform Socket has already discovered malware targeting crypto developers by injecting hidden instructions to hijack AI coding assistants, underscoring the real-world risk.
