MoonPay launched agent wallets on February 24th. Coinbase shipped theirs in January. Both are solid products from companies worth billions.
I've been building a non-custodial agent wallet SDK since early February. Here's what I learned about why custody model matters more than brand name when agents handle real money.
The spend limit problem
Both Coinbase and MoonPay enforce spending limits through their API layer. Your agent calls the API, the API checks the limit, the transaction goes through (or doesn't).
Sounds fine until you think about what happens when the API layer gets compromised. Or when someone finds a way to bypass the middleware. The limits disappear.
We built agentwallet-sdk with spend limits enforced in the smart contract itself — on-chain, in Solidity. Even if every server between the agent and the blockchain catches fire, those limits hold. The EVM enforces them. That's not a policy decision. It's math.
Custody: the actual architecture difference
Coinbase Agentic Wallet stores keys in TEE enclaves. The agent never touches private keys — Coinbase signs transactions on the agent's behalf. This is convenient and honestly pretty secure. But it's semi-custodial. Coinbase holds the keys. If Coinbase freezes the wallet, the agent stops.
MoonPay Agents claims non-custodial — wallet stored on the user's device. Details are sparse in the launch materials though, and spend limits aren't documented at all.
agentwallet-sdk is fully non-custodial. Keys live on the agent's device via viem. The wallet itself is an ERC-6551 Token Bound Account — meaning the wallet is owned by an NFT. Transfer the NFT, and all permissions, history, and identity transfer with it. No explicit revocation ceremony needed.
Agent identity: the missing piece
Neither Coinbase nor MoonPay has any concept of on-chain agent identity.
We shipped ERC-8004 support. An agent gets a portable, verifiable identity on Ethereum — name, capabilities, model metadata, reputation hooks. All on-chain. No platform can deplatform it.
This matters for agent-to-agent trust. When Agent A pays Agent B for a service, both sides need to verify who they're dealing with. A wallet address isn't enough. You need identity that's portable and censorship-resistant.
The comparison table
| Feature | agentwallet-sdk | Coinbase | MoonPay |
|---|---|---|---|
| Custody | Non-custodial | Semi-custodial (TEE) | Non-custodial (claimed) |
| Spend limits | On-chain enforced | API-enforced | Not documented |
| Chains | 5 (Base, ETH, Arb, Polygon, Sepolia) | Base only | Multi-chain (unclear) |
| Agent identity | ERC-8004 + ERC-6551 | None | None |
| Open source | MIT license | Partial | Closed |
| x402 payments | Native | Supported | "Compatible" |
| Fiat on-ramp | None | Via Coinbase | Full (Apple Pay, Venmo, 180 countries) |
| Gas fees | Standard | Gasless on Base | Unclear |
Where competitors genuinely win
I'm not going to pretend we beat them everywhere. MoonPay's fiat ramps cover 180 countries with Apple Pay and Venmo support — that's genuinely excellent and something we don't have. Coinbase sponsors gas on Base, meaning zero gas fees for agents. That's a real developer experience advantage.
But if you're building agents that autonomously handle money, the security guarantees need to live on-chain. Not in an API. Not in a TEE. On the blockchain, where the math enforces the rules.
Try it
npm i @agentwallet/sdk
The SDK, the contracts, everything — MIT licensed. Read the code before you trust the docs.
Top comments (0)