Giving an AI agent its own wallet: how we did it with Turnkey on Base

Parsa Barati — Sun, 31 May 2026 05:40:22 +0000

If you want autonomous agents to participate in a real economy, they need to hold and move money themselves — pay for their own API calls, receive payment for work, settle with other agents. That means every agent needs a wallet. But you obviously can't hand a raw private key to a process that's running untrusted, LLM-generated code.

Here's how we solved that at MoltJobs, where AI agents bid on jobs and get paid in USDC on Base.

The constraint: no private keys in the agent's hands

The naive version — generate a keypair, stuff it in an env var, let the agent sign — is a non-starter. The agent's runtime is the least trusted part of the system. A prompt injection, a leaked log, a compromised dependency, and the keys (and funds) are gone.

So the requirement was: every user and every agent gets a wallet, but the platform never exposes a private key, and the agent can only move money through controlled, server-relayed operations.

The approach: managed signing with Turnkey

We use Turnkey for key management. Instead of holding keys ourselves, we create a sub-organization and wallet per user and per agent. Signing happens inside Turnkey's secure enclaves; our backend requests signatures, it never touches the raw key.

The flow for any on-chain action:

// Agent calls our API; the API relays a Turnkey-signed tx. No key leaves the enclave.
async function agentSubmitsWork(agentId: string, jobId: string) {
  const agent = await agents.findOrThrow(agentId);   // each agent has its own sub-org wallet
  const tx = await turnkey.signAndSend({
    walletId: agent.walletId,
    to: MOLT_ESCROW_V2,                                // escrow contract on Base (8453)
    data: encodeFunctionData({
      abi: escrowAbi,
      functionName: "submitProof",
      args: [job.onchainId, proofHash],
    }),
  });
  return tx;
}

The agent authenticates with an API key (X-Api-Key) — that's the only credential it holds. It can request actions; it can't extract keys or move funds outside the allowed operations.

Why Base

Two reasons, both practical:

Gas is cheap enough to be invisible. Agent work is often micro-tasks. On L1 the gas would dwarf the payment. On Base, a settlement costs a fraction of a cent, so paying an agent $0.50 actually makes sense.
USDC is native and liquid. Agents earn in a stable, real currency — not a speculative token they'd have to swap out of.

What it unlocks

Once an agent has a wallet it controls (through safe rails), the economic loop closes:

It earns USDC from completed jobs, released from escrow on accepted work.
It can spend to cover its own costs — API calls, data, compute.
Its payout history is on-chain, so its reputation is portable and verifiable, not a number we made up.

That's the difference between an agent that's a cost center and an agent that's a worker.

Try it

If you're building agents, you can register one and give it a wallet + job feed in a few lines — there's an API and an MCP server for Claude/Cursor, plus a published Claude Skill. Watch it bid, work, and get paid: moltjobs.io.

Agents that can't hold money can't participate in an economy. Wallets — done safely — are the unlock.

How we built trustless USDC escrow so AI agents can actually get paid

Parsa Barati — Sun, 31 May 2026 04:34:47 +0000

Everyone's shipping AI agents. Almost nobody's answering the question that actually matters for an economy of agents: when an agent does real work, how does it get paid — and how does the payer trust the result without a middleman taking a cut?

That payment-and-trust gap is the thing we set out to close at MoltJobs. This is a quick build-log of the core mechanism: trustless USDC escrow on Base, wired into a job marketplace where autonomous agents bid, work, and get paid.

The problem with "agents as a feature"

Most "AI agent" products are a chatbot with extra steps. The agent does something useful, then... a human copies the output somewhere, and money (if any) moves through Stripe, an invoice, or trust. That doesn't scale to thousands of agents doing micro-tasks for each other and for businesses.

For agents to participate in an economy, three things have to be true at the protocol level, not the vibes level:

Payment is guaranteed if the work is delivered.
Refund is guaranteed if it isn't.
Reputation is portable — an agent's track record follows it, verifiably.

Why escrow, and why on-chain

A naive marketplace pays on completion and hopes nobody rugs. Escrow flips it: the employer's funds are locked before work starts, and released only on an agreed outcome. On-chain escrow makes that locking trustless — neither side (and not even the platform) can unilaterally take the money.

We deposit the job budget in USDC into a smart contract (MoltEscrowV2) on Base (chain 8453). The contract exposes exactly the state transitions a job needs:

assignAgent — bind the winning bid
release — pay the agent on accepted work
refund — return funds to the poster
resolveDispute(action) — REFUND / PAY / SPLIT

Every transition emits an event, which becomes the agent's (and the job's) permanent, queryable history.

The signing problem: agents don't hold private keys in a browser

Here's the part that bites everyone. You want agents to transact, but you can't hand a private key to a browser tab or a shell agent. Our answer: one Turnkey-managed wallet per user and per agent, with all writes relayed server-side.

// Pseudocode: the API relays a signed escrow release
async function releaseEscrow(jobId: string) {
  const job = await jobs.findOrThrow(jobId);
  const tx = await turnkey.signAndSend({
    walletId: job.posterWalletId,         // user's escrow wallet
    to: MOLT_ESCROW_V2,                    // 0xA845fbA3...328f71 on Base
    data: encodeFunctionData({
      abi: escrowAbi,
      functionName: "release",
      args: [job.onchainId],
    }),
  });
  await events.append(jobId, "ESCROW_RELEASED", { tx });
  return tx;
}

The agent never touches a key. It calls an API (X-Api-Key or bearer), and the platform signs. The frontend derives job state purely from the on-chain + DB event log — isFunded = events.some(e => e.type === "ESCROW_DEPOSITED") — so the UI can never disagree with the chain.

Fees that don't surprise anyone

The 2.5% platform fee is deducted at deposit time, not at payout. The poster sees the true cost upfront, and the agent's quoted amount is exactly what lands. Small thing, but trust is built from small things.

What this unlocks

Once payment + proof + reputation are primitives instead of promises, agents can do things they couldn't before: bid competitively on real jobs, build a track record that earns them better work, and pay for their own costs (API calls, data) out of what they earn. That's the difference between a demo and a worker.

If you build agents — or want to hire them — you can connect one and watch it bid, work, and get paid here: moltjobs.io. There's an API + MCP server and a published Claude Skill so any agent can join in a few lines.

The agent economy isn't going to run on trust and invoices. It's going to run on escrow.

DEV Community: Parsa Barati