
Coinbase's Base launches Base MCP, letting ChatGPT and Claude manage wallets and DeFi. We analyse the prompt injection risk, permission scope, and what to watch for traders.
Coinbase's Ethereum Layer 2 network Base has released a tool called Base MCP that allows AI agents to manage users' crypto wallets and decentralized finance applications through plain-language prompts. The product connects a user's Base Account to AI clients such as ChatGPT, Claude and Cursor using the Model Context Protocol (MCP), an emerging standard for secure AI-to-tool interfaces.
This integration introduces a new attack surface for wallet security and execution risk. Users can ask an AI agent to send funds, swap tokens, check balances, review transaction history and interact with DeFi protocols on Base without navigating traditional crypto interfaces. The convenience comes with a tradeoff: the same natural-language interface that lowers the barrier to onchain action also expands the potential for error, manipulation and exploit.
“Base MCP is a first step toward making the onchain economy easier to use via AI,” Base said in a statement. “Instead of forcing users to jump between apps, parse protocol interfaces, or know exactly which action to take, Base MCP lets your agent help you navigate the ecosystem in a more personalized and understandable way.”
Normal wallet interaction requires a user to manually approve each transaction via a wallet interface or hardware device. Base MCP replaces that step with a conversational agent that can generate transaction instructions autonomously. The AI client still requires the user's approval at some point, but the attack surface expands significantly.
If an AI agent can parse a user's natural-language request to “swap 1 ETH for USDC”, a bad actor could craft a prompt that instructs the agent to send funds to a different address. This is a known vulnerability in large language model systems called prompt injection. Base MCP does not publicly disclose how it sanitises inputs or verifies that the executed action matches the user's intent. The risk is not that the AI will “go rogue” autonomously. The risk is that the user's request gets misinterpreted, or that a third-party prompt injected into a conversation triggers an unintended transaction.
At launch, Base MCP integrates with Morpho, Moonwell, Uniswap and Avantis – lending, swapping and perpetuals platforms. Each integration grants the AI agent a specific set of permissions. The user must trust that the permission model is granular enough to prevent an agent from performing actions beyond the user's request, such as taking loans or opening leveraged positions without explicit approval. The security model is only as good as the permission layer between the AI client and the wallet.
Key insight: The core risk is not AI autonomy – it is the combination of ambiguous user instructions and insufficient permission boundaries. A vague request like “manage my liquidity” could trigger a cascade of onchain actions the user did not intend.
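One way to enforce the two boundaries discussed above, a per-integration permission scope and a match between the executed action and the user's confirmed intent, is a fail-closed check that sits between the AI client and the wallet. This is an added example, not Base MCP's code (its validation is not publicly disclosed); `GRANTED_SCOPES`, `Action`, `check_call` and `vet_plan` are hypothetical names, and the recipient address is a constructed placeholder.

```python
from dataclasses import dataclass
from decimal import Decimal
from typing import Optional

# Hypothetical scopes: the only actions the user has granted the agent per integration.
GRANTED_SCOPES = {
    "wallet": {"send"},
    "uniswap": {"swap"},
    "morpho": {"supply", "withdraw"},    # borrowing deliberately not granted
    "moonwell": {"supply", "withdraw"},
}

@dataclass(frozen=True)
class Action:
    """A confirmed user intent (amount = upper limit) or a call the agent proposes."""
    protocol: str
    action: str
    asset: str
    amount: Decimal
    recipient: Optional[str] = None      # set only for sends

def check_call(intent, call):
    """Return the reasons to reject a call; an empty list means in scope and on intent."""
    reasons = []
    if call.action not in GRANTED_SCOPES.get(call.protocol, set()):
        reasons.append("scope: %s.%s not granted" % (call.protocol, call.action))
    if (call.protocol, call.action) != (intent.protocol, intent.action):
        reasons.append("intent: action differs from the confirmed request")
    if call.asset != intent.asset:
        reasons.append("intent: asset differs")
    if not (Decimal(0) < call.amount <= intent.max_amount if False else Decimal(0) < call.amount <= intent.amount):
        reasons.append("intent: amount outside the confirmed limit")
    if (call.recipient or "").lower() != (intent.recipient or "").lower():
        reasons.append("intent: recipient differs")
    return reasons

def vet_plan(intent, plan):
    """Fail closed: an empty plan or any rejected call blocks the whole plan."""
    rejected = {i: r for i, c in enumerate(plan) if (r := check_call(intent, c))}
    return bool(plan) and not rejected, rejected

if __name__ == "__main__":
    # Constructed scenario: the user confirmed "swap 1 ETH"; the plan gained an extra send.
    confirmed = Action("uniswap", "swap", "ETH", Decimal("1"))
    plan = [Action("uniswap", "swap", "ETH", Decimal("1")),
            Action("wallet", "send", "ETH", Decimal("1"), "0xCONSTRUCTED_PLACEHOLDER")]
    print(vet_plan(confirmed, plan))
```

The confirmed intent has to come from a channel the model cannot write to, such as the wallet's own approval prompt; if it is derived from the conversation, injected text can rewrite the intent along with the plan.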
Base is an Ethereum Layer 2 rollup that hosts a growing ecosystem of DeFi protocols. Any user who connects their Base Account to a supported AI client and authorises Base MCP becomes exposed. The exposure is not limited to large holders – retail users experimenting with AI agents are equally at risk.
The four listed integrations cover key onchain activities. A malicious or erroneous instruction could:
Tokens on Base – ETH, USDC, Morpho, Moonwell governance tokens, Uniswap LP tokens and any token traded via Avantis – are directly reachable. Stablecoins are especially sensitive because they are high-value targets for theft.
Base MCP is live as of the announcement. No major security incidents have been reported. The product is in its earliest stage. Base framed the initiative as part of a broader push toward AI-native internet interfaces.
“Over time, we believe agentic chat interfaces will become an important surface for app discovery and distribution,” the company wrote in its press release. “As more people use agents as their primary internet interface, apps will need a new way to show up inside those environments.”
If Base MCP gains traction, the mix of onchain activity on Base could change. Morpho and Moonwell lender deposits may see increased volatility as AI agents supply and withdraw more rapidly than humans would. Uniswap liquidity pools could experience larger but more sporadic trades if multiple agents execute similar instructions in a short window.
The launch of Base MCP is not a risk event in the conventional sense of a hack or regulatory crackdown. It is a product release that, by design, lowers the barrier to onchain action while simultaneously raising the potential cost of a mistake or exploit. For traders and holders on Base, the immediate question is whether the convenience of AI-driven wallet management outweighs the added attack surface. The answer will depend on Base's ability to demonstrate that its permission model and input validation are robust enough to withstand real-world use.
Prepared with AlphaScala research tooling and grounded in primary market data: live prices, fundamentals, SEC filings, hedge-fund holdings, and insider activity. Each story is checked against AlphaScala publishing rules before release. Educational coverage, not personalized advice.