Base MCP Shifts Risk from Key Custody to User Vigilance

Coinbase recently launched Base MCP, a gateway on its Ethereum layer-2 network that connects users' accounts to assistants like ChatGPT and Claude. The system is touted as non-custodial, meaning the server never touches the private keys, but this design doesn't remove risk, it just relocates it.

The user remains the weak point in this setup, and with Base MCP, their role becomes even more crucial. They must approve every transaction through the Base Account, which can lead to approval fatigue. This is a significant concern, especially in DeFi, where an active strategy can involve multiple operations that require constant approvals.

The user's attention and vigilance are essential to prevent security issues like prompt injection, where a malicious instruction hidden in a link or plugin output can push the agent toward unauthorized actions. The system also leaves users vulnerable to phishing exposure since transactions are built locally rather than pulled from a spoofed website.