Overview
- MetaMask has unveiled the Agent Wallet, a self-custodial wallet tailored for AI agents capable of executing on-chain transactions autonomously.
- This wallet incorporates transaction simulations, threat detection, and essential security measures to mitigate risks linked to autonomous software.
- Currently, 200 users have access through an Early Access Program, with plans for a broader launch this summer.
MetaMask has introduced the Agent Wallet, a self-custodial wallet that empowers AI agents to autonomously engage in trading and interact with decentralized finance applications while adhering to user-defined security protocols. (Note: MetaMask is a product of Consensys, which is among various investors in the editorially independent Decrypt.)
This release aligns with the trend among cryptocurrency developers to create AI agents that can handle portfolio management, execute trades, and directly engage with decentralized applications. The wallet is initially available to about 200 users via an Early Access Program, with a wider launch anticipated later this summer.
MetaMask's Senior Director of Product, Zhen Yu Tong, stated to Decrypt, "This is truly the beginning for agents, but we cannot delay infrastructure decisions since agents are already managing real funds, and many are doing so incorrectly."
Tong pointed out that numerous existing projects grant AI agents direct access to private keys, which raises the risk of unintentional transactions or fund loss due to mistakes rather than hacks.
He warned, "If the initial generation of trading agents normalizes the practice of giving away your keys, we will be repeating the custodial errors that the crypto industry has spent a decade trying to overcome."
MetaMask's Agent Wallet channels transactions through its established security framework, which includes transaction simulations, detection of scams and malicious contracts, threat scanning powered by Blockaid, Clear Signing, and Servo MEV protection.
Instead of assuming that AI models can be entirely shielded from manipulation, MetaMask designed the wallet with controls to minimize the impact of potential errors made by agents.
Tong remarked, "The honest truth is: You cannot ensure an LLM won't be deceived. Prompt injection is an ongoing research issue, not a simple bug fix."
Prompt injection occurs when harmful instructions are used to compromise an AI system, leading it to execute unintended actions. In the context of crypto, this could result in an AI being tricked into approving transactions, transferring funds, or engaging with a malicious smart contract.
To counteract this, the Agent Wallet's default Guard Mode allows users to set spending limits, approve protocols, and establish other operational parameters. Transactions that exceed these conditions or are marked as suspicious will require two-factor authentication before proceeding.
A less restrictive Beast Mode gives agents more autonomy while still necessitating approval for transactions flagged as potentially harmful.
Tong explained, "Beast Mode is for users who prefer a truly hands-off experience—the agent operates without needing a prompt for every transaction. However, this mode does not eliminate the safety net. If our threat detection identifies a transaction as malicious, 2FA will still activate, regardless of the mode in use. That’s non-negotiable."
Operating without explicit approval does not imply no limitations. Beast Mode still functions within user-defined constraints, including spending caps, approved assets and protocols, and time-based restrictions, permitting agents to autonomously rebalance portfolios, interact with verified contracts, and settle payments without requiring prior approval for each transaction.
Tong compared this to banking systems or exchanges, where recipients need to be added to an allowlist before transactions can be sent. In Guard Mode, users pre-approve which entities the agent can engage with, and any transactions outside this list trigger 2FA. Conversely, Beast Mode scans addresses in real-time, activating 2FA if any are deemed suspicious—without requiring upfront allowlisting by the user.
The wallet is compatible with Ethereum Virtual Machine-compatible chains, Hyperliquid, and agent frameworks such as OpenAI Codex, Anthropic's Claude Code, Cursor, OpenClaw, and Hermes Agent. It utilizes Cubist's trusted execution environment technology to maintain private keys within a hardware-isolated enclave during signing, which Tong mentioned prevents MetaMask and Consensys from accessing users' key materials.
The introduction of MetaMask's Agent Wallet follows similar initiatives by other crypto firms to build infrastructure for AI agents.
In February, Coinbase launched Agentic Wallets, a self-custodial wallet designed for AI agents to manage crypto assets and send payments while keeping private keys secured within trusted execution environments. In March, MoonPay expanded its own agent strategy by integrating Ledger hardware wallets to facilitate human-approved AI transactions.
Later, MoonPay introduced the Open Wallet Standard, an open-source framework backed by contributors such as PayPal, the Ethereum Foundation, Solana Foundation, Ripple, and Base, aimed at standardizing the management of wallets and funds by AI agents across different blockchains. (Note: MoonPay Ventures is an investor in Decrypt's parent company, Dastan.)
Recently, MoonPay also released a desktop application for Claude Code and OpenAI Codex, enabling users to connect AI assistants to wallets, execute token swaps, engage in prediction markets, and utilize other blockchain tools through a graphical interface.