Researchers warn AI wallet risk
Security researchers say intermediary systems used by AI agents to power crypto payments and wallet operations can read or modify data in transit, potentially exposing private keys and enabling large‑scale downstream attacks. The warning shifts focus from whether agents can transact to how to secure machine‑mediated signing and permissions. (coindesk.com)
AI agents are starting to move crypto on users’ behalf, and researchers say the software layer between the model and the wallet can tamper with what gets signed. (coindesk.com) Those middle layers are increasingly built on the Model Context Protocol, or MCP, an open standard Anthropic introduced on November 25, 2024 for connecting assistants to outside tools and data. Coinbase launched Payments MCP on October 22, 2025 to let models such as Claude, Gemini and Codex access wallets, onramps and payments. (anthropic.com) (coinbase.com) In plain terms, MCP works like a courier between an artificial intelligence model and a wallet app: it carries requests out and brings results back. The protocol is transport-agnostic, and its web transport sends JSON-RPC messages over HTTP, which means security depends heavily on how those connections and permissions are implemented. (modelcontextprotocol.io 1) (modelcontextprotocol.io 2) The warning lands as crypto companies race to make “agentic” payments usable for software, not just people. CoinDesk reported on April 8 that Alchemy had unveiled AgentPay to help separate artificial intelligence payment systems talk to one another, and on March 15 that Coinbase and Visa were both building payment rails for agents. (coindesk.com 1) (coindesk.com 2) Security specialists are already treating MCP as a new attack surface beyond crypto. IANS Research scheduled an April 16, 2026 symposium on “MCP Risks and Opportunities in an AI World” that lists data exposure, authentication and governance among the main issues. (iansresearch.com) The practical risk is not only theft of a single wallet. If one intermediary service sits in front of many agents, a flaw there can affect every downstream user who trusts it to relay prompts, balances, addresses or signing requests. (coindesk.com) Crypto security teams have been warning for months that artificial intelligence lowers the cost of attacks. Ledger’s chief technology officer, Charles Guillemet, told CoinDesk on April 5 that AI is making hacks “cheaper and faster,” pushing wallet providers to rethink how they secure users. (coindesk.com) The debate has shifted from whether an agent can hold a wallet to who controls the permissions, logs and approval path around that wallet. As more companies wire models into payment tools, the weak point may be the messenger, not the key. (coindesk.com)
