Coinbase Agentic Wallets are the wallet infrastructure Coinbase shipped on February 11, 2026 specifically for autonomous AI agents. The product gives an agent its own MPC-secured wallet with programmable session caps, per-transaction limits, gasless settlement on Base, and native x402 payment support, all installable through a command-line tool (npx awal) or an MCP server compatible with Claude, Codex, and Gemini. The product is often miscalled "Coinbase AgentKit" — AgentKit is the open-source skills framework that sits underneath, alongside CDP Server Wallets v2 (general availability July 24, 2025) and the cb-mpc cryptographic library. This piece walks through what shipped, the MPC-plus-TEE architecture, the wallet-API surface for agent custody (per-token allowances, session keys, activity logging), how the wallet composes with the Agent.market app store Coinbase launched April 21, 2026, and how it compares to Circle Wallets, Skyfire, Nekuda, Crossmint, and Stripe Link Agent on six axes a builder cares about.
What Are Coinbase Agentic Wallets?
Coinbase Agentic Wallets are wallet infrastructure Coinbase Developer Platform launched on February 11, 2026 for autonomous AI agents. The product bundles an MPC-secured wallet, an x402 payment client, programmable spend controls, and a gasless rail on Base into one command-line install or MCP server. Coinbase positions it as the first wallet built for agents rather than humans.
The launch reframes the wallet around code, not a person. A human wallet has a UI, a recovery phrase, and a one-tap "approve" button. An agent wallet has none of those. It has a programmable signing surface, policies that bound what the agent is allowed to do, and an audit trail an operator can read. Coinbase ships this surface in two shapes: a CLI bundled with the open-source AgentKit skills library, and an MCP server an agent runtime calls remotely. Both rest on the same custody primitive, CDP Server Wallets v2, which reached general availability on July 24, 2025 with sub-200ms signing latency and a 99.9% availability target.
People often call this product "Coinbase AgentKit." AgentKit is real, but it is the upstream framework, not the wallet. The branded product released February 11, 2026 is "Agentic Wallets," and the line is precise enough to matter: AgentKit defines the agent skill modules (authenticate, fund, send, trade, earn) while the wallet defines who can sign what, when, and inside which custody perimeter. Treating them as one term makes it harder to reason about which piece is doing the work in any given agent stack.
Two facts shape why Coinbase chose to ship a separate product rather than reuse the consumer Coinbase Wallet. First, the dominant settlement currency for onchain agent payments is a dollar stablecoin: USDC ($77.3B supply per DeFiLlama on April 29, 2026) and USDT ($189.5B) account for roughly 84% of the $318B total stablecoin float. An agent wallet has to settle in the dollars its counterparties hold, not in ETH. Second, scale matters: x402 itself has crossed 165 million transactions and 69,000 active agents at $50M cumulative volume (per Cryptonews on Coinbase's Apr 21, 2026 numbers), which means an agent wallet at production scale must clear thousands of low-value events per minute, not human-paced flows.
How Do Coinbase Agentic Wallets Work?
Each Agentic Wallet is a CDP Server Wallet v2 account whose private key is split using Coinbase's MPC library and held inside an AWS Nitro Enclave. The agent calls a signing API; the policy engine checks the request against session caps and transaction limits; the enclave produces an MPC signature; the wallet broadcasts. Keys never leave the enclave.
The signing primitive is cb-mpc, the open-source Coinbase MPC library. cb-mpc implements Elliptic Curve Distributed Key Generation (EC-DKG) and threshold ECDSA over secp256k1 plus Schnorr signing over Curve25519, which means a single library covers EVM and Solana with the same cryptographic discipline. The keyshares are split between Coinbase and the operator's CDP project; below the configured threshold no signature is possible. Above it, the signature is produced inside an AWS Nitro Enclave — an isolated VM with no persistent storage and no operator login — so the raw key material is never reconstituted in plaintext on a normal host. As Coinbase head of engineering Erik Reppel put it in Decrypt's launch coverage, the design is "several orders of magnitude safer than just having a private key on disk."
Above the signing layer sits the policy engine. Before any payload reaches the enclave, the wallet checks two classes of rule. Session caps bound the total spend across an agent run; transaction limits cap a single payment. Both are configured by the operator at wallet-creation time and can be tightened on the fly. Coinbase calls these "programmable guardrails" and the launch documentation lists session caps, transaction limits, and enclave isolation as the three pillars of the security story (Bitcoin News, Feb 11, 2026).
The wallet supports both EVM chains and Solana, with gasless trading on Base. On Base, smart-account wallets route transactions through Coinbase's paymaster: the agent never holds ETH for gas, the paymaster pays the fee, and the operator settles up later. This matters because an x402 micropayment averaging 30 cents cannot afford to wait for a gas-management ritual; the wallet has to be liquid in the asset it is spending and nothing else. CDP Server Wallets v2 also supports BNB, Arbitrum, Avalanche, Polygon, Optimism, Zora, Ethereum L1, and Solana per the July 24, 2025 GA announcement; an Agentic Wallet inherits that surface.
Session keys are how the agent actually signs without holding the master credential. The operator provisions a short-lived key bound to a specific scope (max spend, allowed counterparties, expiry), and the agent uses that key for the duration of a task. If the agent goes off the rails, the master signer revokes the session and a new one is issued. The pattern mirrors ERC-7715 permissions on smart-contract wallets, but enforced at the MPC policy layer rather than in on-chain code, which is what lets the same wallet abstraction work on Solana where smart accounts behave differently from Ethereum.
The setup time is the part most operators do not expect. PYMNTS reported that an Agentic Wallet can be provisioned in "under two minutes through a command-line interface," with the operator running npx awal, completing email-OTP authentication, and receiving a wallet address before the agent code is even running. That latency budget exists because the heavy lifting happens server-side: the MPC keyshare on Coinbase's side, the policy configuration, and the enclave attestation are all pre-warmed in CDP. The operator's local install is little more than a thin client. The same flow works for the MCP server variant, where the agent runtime (Claude, Codex, Gemini) reaches the wallet over an MCP transport rather than a local CLI.
Wallet API for Agent Custody
The Agentic Wallets API exposes four custody primitives an operator wires into an agent's runtime: per-token spending allowances, session caps, allowlists, and an activity log keyed on timestamp, signer, and counterparty. Each primitive is enforced server-side by Coinbase's policy engine before the enclave produces a signature, so the agent itself can be compromised without breaching the wallet's bounded authority.
Per-token allowances scope spend per asset. An operator can authorize an agent to spend up to 100 USDC on Base across a session but zero ETH and zero arbitrary ERC-20s — the policy engine rejects any signature payload outside the allowed token set. This matters because most agent failures are not "the wrong recipient" but "the wrong token": an attacker tricks the model into signing a transfer of a long-tail asset the operator never intended to expose. Per-token caps close that surface entirely. Coinbase's broader CDP x402 documentation describes the same principle for x402 payment flows, where the wallet rejects any pay-payload whose token does not match the resource's price denomination.
Session caps bound aggregate spend over a defined window. The operator sets a cap (for example, $5 across the next hour) at session start, and the policy engine tracks running spend against it on every signing call. Once the cap is hit, further signatures fail until the operator extends the session or grants a new one. Combined with per-transaction limits (max single signature value), the two layers catch a different failure mode each: per-transaction stops a single bad call from emptying the wallet, while session cap stops a slow drip of small calls from doing the same thing in aggregate.
Allowlists narrow the counterparty surface. An agent that only ever pays a fixed set of API endpoints (a Bloomberg data feed, an AWS S3 bucket, a specific DEX router) gets allowlisted to those addresses. Anything else fails at the policy layer. The pattern mirrors merchant-category-code controls in card-issuance agent wallets but operates on raw addresses and function selectors instead of MCC codes — appropriate to onchain destinations.
The activity log is the audit primitive. Every signed action records a timestamp, the signing key (master vs. session key, plus session ID), the counterparty (recipient address or merchant identifier), the asset and amount, and the policy decision (which rule allowed or rejected the payload). The CDP Portal exposes this stream as a queryable telemetry surface; CDP webhooks deliver each event in real time so an operator can wire alerts on anomaly patterns. Operators running fleets of agents typically pipe the log into their own observability stack and run circuit breakers on aggregate spend in the last hour, not just per-agent caps. Layered enforcement is the norm: each layer catches a failure mode the others miss.
One concrete pattern. An operator running 20 trading agents on Base might configure each wallet with a 10 USDC per-transaction limit, a 200 USDC session cap, an allowlist of three DEX router addresses, and a webhook that pages the on-call engineer if a single agent crosses 90% of its session cap. The wallet enforces every one of those constraints before the enclave signs. The agent itself can hallucinate a transfer to an attacker; the wallet refuses to produce a signature that violates the policy. That is the difference between a wallet bolted onto an agent and a wallet built for one.
How Do Coinbase Agentic Wallets Compose with x402 and Agent.market?
Agentic Wallets speak x402 natively, and Coinbase's April 21, 2026 Agent.market launch turned the protocol into a service catalog. An agent with an Agentic Wallet can call any x402-monetized API in the Agent.market directory, sign the EIP-3009 payment authorization the wallet's policy engine approves, and receive the response — without API keys, sessions, or human approval at any step.
The composition pattern is mechanical. An agent calls an API. The API returns HTTP 402 with a payment-required header naming the asset, amount, and recipient. The Agentic Wallet receives the 402, checks the payment against session caps and per-token limits, signs an EIP-3009 transferWithAuthorization payload inside the enclave, and resubmits the request with the signed payload attached. A facilitator service validates the signature, settles the transfer on the underlying chain, and the API releases the response. The full round trip can clear in a single second on Base.
Agent.market is the catalog this loop now plugs into. Brian Armstrong announced the marketplace on April 20-21, 2026 with seven service categories — reasoning, data, media, search, social, infrastructure, and trading — and at the time of launch, x402 had cleared 69,000 active agents, 165 million transactions, and roughly $50 million in cumulative volume per BanklessTimes' April 21 reporting on Coinbase's published numbers. Listed services include Bloomberg data feeds and AWS resources priced per call — categories that historically required enterprise contracts and API keys, both of which an autonomous agent struggles to manage. With Agent.market plus an Agentic Wallet, the agent pays per call in USDC, the provider gets paid in USDC, and no human enrolls credentials in either direction.
The composition with x402 is what makes the wallet's per-token allowance and session cap rules legible. A naive "spend up to $5" policy without protocol awareness would have to interpret arbitrary onchain payloads. The x402 client knows which token the API requested and how much, so the policy engine can evaluate a bounded structured request rather than a raw transaction. This is also why Coinbase shipped Agentic Wallets and Agent.market on the same protocol: the wallet's policy layer and the marketplace's pricing layer share a vocabulary, and signed payment authorizations carry the metadata needed for the activity log to record both the API endpoint and the resource paid for.
An Agentic Wallet is not the only x402-capable wallet. Circle Wallets shipped x402 support in April 2026 with the same EIP-3009 settlement flow, and Crossmint smart wallets handle x402 calls through their session-key surface. The difference is that Coinbase's wallet is the only one shipping with the marketplace pre-wired, the paymaster pre-funded for Base gas, and the policy engine built around the protocol's request shape rather than retrofitted onto a general-purpose wallet.
Coinbase Agentic Wallets vs Other Agent Wallets
Coinbase Agentic Wallets sit in the MPC custodial category alongside Circle Wallets and Skyfire's KYAPay surface, but the comparison spans five distinct architectures: MPC custodial, smart-contract, vault-style, custodial-Link, and identity-only. The matrix below summarizes how each agent wallet handles custody, programmability, settlement rails, identity attestation, and gas across six representative implementations.
Wallet | Custody | Programmability | Settlement rails | Identity / KYA | Gas / fees |
Coinbase Agentic Wallets | MPC + AWS Nitro Enclave | Session caps, per-token allowances, allowlists, activity log | x402 native; EVM + Solana; Base gasless | CDP project identity; KYT screening | Paymaster-sponsored on Base |
Developer-controlled MPC | Sign Typed Data API; off-chain rules | x402 via EIP-3009; CCTP V2 cross-chain USDC | Operator-managed | Gas Station paymaster | |
Custodial | Off-chain server rules | Stablecoin via processor | KYA token (signed JWT) | Provider-sponsored | |
Vault holds credential | Vault policy engine + Mandates SDK | Whatever credential supports | Provider-attested mandates | Vault fee per call | |
Smart account on-chain (40+ chains) | EIP-4337/7702; ERC-7715 session keys | Stablecoin (USDC, USDT) | Contract-level DIY | Paymaster sponsored | |
Stripe-hosted custodial | Per-session limits via Link | Card + ACH via Stripe | Stripe-attested | Provider-sponsored |
The table answers the practical question a builder asks first: what trade-off is each wallet making? Coinbase Agentic Wallets bet on MPC-plus-TEE for custody, on policy enforcement at the wallet boundary rather than on-chain, and on x402 plus Base as the default settlement combination. Circle bets the same way on the cryptography but ships fewer policy primitives out of the box. Crossmint bets on smart-contract enforcement (which is more flexible but harder to compose with non-EVM chains). Skyfire bets on identity attestation as the primary value-add and treats custody as commodity. Nekuda bets on vaulting traditional payment credentials so the agent never touches a card number. Stripe Link Agent bets on plugging into the existing Stripe processor footprint.
None of these is the correct answer for every agent. A team building an agent that pays other agents in USDC for compute calls will choose differently from a team building an agent that books restaurant reservations on Visa rails. The wallet category falls out of three questions in order: what does the agent buy, who owns the user relationship, and what regulatory perimeter does the operator want to live inside. The full five-category agent-wallet framework walks through that decision; the table here zooms into the six implementations that ship in production today.
Sources and methodology. Product details verified against issuer documentation linked inline. Launch dates: Coinbase Agentic Wallets Feb 11, 2026 per Coinbase Developer Platform announcement; CDP Server Wallets v2 GA July 24, 2025; Coinbase Agent.market April 21, 2026 per BanklessTimes. x402 cumulative figures (69,000 agents, 165M transactions, $50M volume) per Cryptonews reporting Coinbase's April 21, 2026 numbers. Stablecoin supplies pulled from DeFiLlama on April 29, 2026. Figures refresh quarterly.
Eco's Role for Cross-Chain Stablecoin Settlement
Eco is a stablecoin execution network that sits beneath an Agentic Wallet and handles cross-chain settlement once the wallet authorizes a payment. The wallet decides who can spend, what token, and how much; Eco moves the dollars from the agent's chain to the counterparty's preferred chain across 15 supported networks via a single intent-style API.
Coinbase Agentic Wallets settle natively on Base and across the EVM and Solana surface CDP Server Wallets v2 supports. That is plenty for an agent paying x402 services priced in USDC on Base. It is not enough for an agent whose counterparty holds USDT on Tron, USDC on Solana, or PYUSD on Ethereum L1. Cross-chain settlement is a separate problem from custody. Eco sits underneath the wallet's signing surface and handles that movement, with Hyperlane and CCTP as the live transport rails behind a single intent-style API. An agent holding USDC on Base in an Agentic Wallet can pay a counterparty whose treasury sits on Solana or Arbitrum without writing routing logic or selecting a bridge per chain. The wallet authorizes; Eco settles where the dollars actually need to land. For teams building agent payment flows across more than one chain, that division of labor is the difference between integrating one settlement surface and stitching together a bridge, a swap aggregator, and a routing layer per chain. Eco does not replace the wallet — it composes underneath whichever wallet the operator picked.