This week Coinbase's Ethereum Layer-2 network Base shipped one of the more consequential pieces of agentic-payment infrastructure of the year. Base MCP — a Model Context Protocol gateway — lets AI agents running on ChatGPT, Claude, Codex, or Cursor connect to a user's wallet, propose on-chain actions, and execute them after explicit user approval. It launches with first-class integrations for Uniswap, Morpho, and Moonwell, three of the most-used DeFi protocols on Base.
If you have been following this site's recent coverage — AWS AgentCore Payments, Circle's Agent Stack, Alipay's MCP server, MoonPay's MoonAgents Card — the pattern is now obvious. Every major payments and DeFi platform is shipping the same shape of product: an MCP server that lets a general-purpose LLM act as a frontend for their financial primitives. Base MCP is the first one that puts the entire onchain economy on the other end of that pipe.
What Base MCP Actually Does
The user-facing experience is the easy part. A Base Account user installs Base MCP into their AI client (ChatGPT, Claude, etc.) and authenticates via OAuth 2.1. From that point, conversational instructions like "swap $50 USDC for ETH on Uniswap" or "supply $1,000 USDC to the highest-yielding Morpho vault" parse into proposed transactions. The agent never sees the user's keys. Instead, Base Account opens a separate review window showing the exact transaction, and the user explicitly approves or rejects before anything moves.
Under the hood, three architectural choices are doing the heavy lifting:
- Trusted execution environment (TEE) for key custody. Private keys are generated and stored inside a secure enclave that the AI agent — and the model provider — never directly access. The agent can propose a transaction; only the TEE can sign one, and only after the user's separate approval. This is the security model that has to work for any of this to be deployable at retail scale.
- OAuth 2.1 for agent authorisation. Treating the AI client as a third-party application that the user can scope, revoke, and audit is the right primitive. It is also a notable departure from "paste a private key into a prompt", which is how a lot of early agent-DeFi demos worked.
- MCP as the integration surface. Rather than every DeFi protocol building bespoke per-LLM integrations, MCP gives them one standard interface and the major LLM clients pick it up for free. This is the same dynamic that turned MCP into a real protocol over the last twelve months — and the reason Base picked it.
Read the full article on tomcn.uk →
About the Author
I'm Tom Wang, an AI Developer & Fintech Developer — building AI agents, crypto payment infrastructure, and cross-border payout systems with Rust, Go, and TypeScript. Based in London, UK.
Currently open to new opportunities in fintech, crypto payments, and AI agent engineering.
Top comments (0)