AI agents want to handle your crypto wallet, but is it safe?

Agentic AI is likely to reshape how users interact with their crypto wallets in the future — particularly in trading and payments. While AI and blockchain executives note that it can be safe, it also won’t come without a new set of risks.

Last week, crypto exchange Coinbase announced its new tool, Payments MCP, which grants AI agents access to the same onchain financial tools used by people.

Announcing Payments MCP, the easiest way for AI agents to get onchain via x402. 🚀

It lets LLM models like Claude, Gemini, and ChatGPT gain access to onchain tools like wallets, onramp, and payments with no API key required. 🧵 pic.twitter.com/MSnIaecx0O

— Coinbase Developer Platform🛡️ (@CoinbaseDev) October 22, 2025

When the tool is paired with an LLM like Claude, Gemini and Codex, it allows them to access crypto wallets and make payments autonomously, the Coinbase Developer Platform said in a statement.

The AI agents powered by Payments MCP can pay for, compute, retrieve paywalled data, tip creators and manage certain business operations via the x402 protocol, an open, web-native payment protocol that facilitates instant stablecoin payments, according to the Coinbase Developer Platform.

“It marks a new phase of agentic commerce where AI agents can act in the global economy,” said the Coinbase Development platform.

Agentic AI in crypto can be safe

Aaron Ratcliff, the attributions lead at blockchain intelligence firm Merkle Science, told Cointelegraph that from a security standpoint, giving an AI agent access to your wallet adds a layer of trust to something designed to be trustless.

It can be safe if the system’s built correctly, but Ratcliff argues that “safety” ultimately rests with the crypto user.

“Safe use depends on users who understand how to prompt and on the AI pulling blockchain data without hallucinating. It also depends on the trading credentials staying secure; if trading credentials leak, the damage writes itself.”

AI in your portfolio can add extra security risks

An April survey of 2,632 crypto users from crypto data aggregator CoinGecko found that most users are comfortable with AI trading on their behalf; 87% said they would let AI agents manage at least a tenth of their crypto portfolio.

Ratcliff said there are some security risks that bad actors could exploit if AI is being used in one’s portfolio. Prompt or instruction injection could allow someone to hijack the system.

A man-in-the-middle attack, where the hacker inserts themselves between entities in a communication channel to steal data, could also redirect trades.

“The AI might also interact with scam tokens, miss honeypots or rug-pulls, or handle slippage so poorly it burns users’ funds,” Ratcliff added.

“I’d want proof that the AI can catch front-running, apply slippage limits, spot scam tokens, and audit contracts in real time before it makes a trade. It should also sandbox prompts, prevent injection, and block man-in-the-middle access.”

At the same time, Ratcliff believes compliance gaps could lead to issues, such as the absence of controls to prevent an AI from sending funds to a sanctioned address or an exchange.

Even if the AI has safeguards, still pay attention

Speaking to Cointelegraph, Sean Ren, co-founder of the AI-native blockchain platform Sahara AI, stated that in Coinbase’s case, the exchange’s tool utilizes model context protocols, “which are the gold standard for safety when set up correctly.”

“They essentially act as a gatekeeper between the AI model and your wallet. The agent can only perform specific, approved actions—such as checking balances or preparing a payment for you to confirm—rather than freely moving funds or changing wallet settings,” he said.

“Those actions are restricted by design, so even if someone tries to trick the AI through a prompt injection, for example, it can’t complete a transaction on its own,” Ren added.

However, Ren also said safer doesn’t mean foolproof, and users still need to pay attention to whatever the AI agent is doing with their portfolio.

“Users still need to stay alert, double-check what they’re approving, and never assume the agent’s doing the right thing automatically. You still have to review and sign transactions.”

Still early days for AI agents

Brian Huang, co-founder and CEO of Glider, a platform for AI-powered crypto portfolio management, told Cointelegraph that basic functionality, such as sending, swapping, and lending, is a great place to start with agents, but it’s still early days in the space.

“These are simple actions that can be done with a click — you’re not asking ChatGPT to Venmo your friends, right? Many of these actions take longer with agents,” he said.

“Agents, by contrast, are more like assistants, we all know DeFi is too complicated to participate in. These agents can help users get onboarded and feel guided through the process.”

Huang predicts that more sophisticated actions, such as portfolio management, rebalancing, and personalized financial advice, will likely follow and be more effective use cases.

“The customization that agents can provide here, the number of variables they can consider, is far superior to what any human can provide,” he said.