Skip to main content

MoonPay's Open Wallet Standard: Why the Agent Economy Just Got Its First Real Wallet Layer

· 13 min read
Dora Noda
Dora Noda
Software Engineer

When MoonPay open-sourced its Open Wallet Standard on March 23, 2026, it did something the rest of the agent-economy stack had quietly avoided: it admitted that AI agents need a wallet purpose-built for machines, not a sandboxed copy of MetaMask. The launch came with backing from PayPal, Circle, the Ethereum Foundation, the Solana Foundation, Ripple, OKX, Polygon, Sui, Base, Arbitrum, LayerZero, and roughly a dozen other organizations spanning every major chain. Within two months of launching MoonPay Agents in February, the company had pulled together what looks more like an industry consortium than a product release.

The thesis is simple and uncomfortable for incumbents: the wallet UX that took crypto a decade to refine — seed phrases, hardware confirmations, per-transaction approvals, browser extensions — was designed for humans who can think about risk. None of those primitives translate cleanly to a process running inside an LLM context window, where any data can leak into a prompt, a log line, or a tool call. If the next trillion dollars of crypto volume comes from autonomous agents transacting on behalf of users, the wallet layer needs a hard reset.

The Numbers Behind the Race

The market the OWS is chasing is not theoretical. McKinsey projects $900 billion to $1 trillion in US business-to-consumer agentic commerce revenue by 2030, and the global agentic economy is forecast at $3 trillion to $5 trillion in the same window. Stablecoin volume hit $33 trillion in 2025, up 72% year over year, with supply projected to grow another 56% to roughly $420 billion in 2026. The growth driver crypto-native analysts keep pointing at is machine-to-machine flows.

The early data is already loud. Coinbase and Cloudflare's x402 protocol — the HTTP 402 revival that lets agents pay servers per request — has processed more than 119 million transactions on Base, 35 million on Solana, and supports nearly 500,000 active AI wallets. Annualized volume sits around $600 million. Some Layer 2 networks recorded agent-driven transaction spikes of 10,000% or more in early 2026. At NRF 2026, 75% of retailer attendees said they were implementing or planning agentic commerce. Gartner's read is that 33% of enterprises will include agentic AI by 2028, but current payment infrastructure cannot handle sub-cent billing.

In other words, the demand exists, the rails are getting built, and the wallet sitting between the agent and the rails is the part nobody had standardized — until now.

Why a Wallet for Agents Looks Nothing Like a Wallet for Humans

Traditional wallet design assumes a human is in the loop. MetaMask asks for a signature on every transaction. Phantom prompts you to approve each swap. Hardware wallets like Ledger require a physical button press. The entire UX is built around the assumption that the wallet's job is to slow you down enough to catch a phishing attempt or a malicious dApp.

Agents break every part of that model. An autonomous research agent might call 50 paid APIs in a single user query. A trading agent might rebalance a portfolio every 30 seconds. A travel-booking agent might pay a flight provider, three hotels, and a transfer service in under a minute. None of that survives a per-transaction prompt. And the workaround that some early agent frameworks used — handing the agent the seed phrase directly — is the worst possible answer in an environment where the agent's memory, context window, logs, and tool outputs are all potential leak surfaces.

MoonPay's Open Wallet Standard solves this with a deliberate inversion: the agent never sees the key. Instead of giving the agent a seed phrase, OWS gives it a signing API. The agent calls a sign() function, the library decrypts the key inside an isolated process, produces a signature, wipes the key from memory, and returns only the signed payload. The private key is never accessible to the LLM context, the parent application, or any tool the agent can call.

The implementation is conservative on purpose. Keys are encrypted at rest using AES-256-GCM with a scrypt key derivation function — the same Ethereum Keystore v3 format that has been in production since 2015. Decryption happens in mlocked memory that cannot be swapped to disk, and the key is zeroized immediately after signing. Wallets are stored locally at ~/.ows/, encrypted with a user-supplied password. There is no novel cryptography here, which is the point: novel crypto is exactly what you do not want underneath autonomous machines moving real money.

The Cross-Chain Move That Forces Convergence

The other thing OWS does — and the reason it is hard to ignore even if you do not love MoonPay — is collapse the chain-fragmentation problem. A single seed phrase derives accounts across eight chain families: EVM, Solana, Bitcoin, Cosmos, Tron, TON, Spark, Filecoin, and the XRP Ledger. For an agent that needs to pay a Solana DePIN service, settle a Bitcoin Lightning invoice, then claim a reward on a Cosmos appchain, this is the difference between one identity and three custody nightmares.

The supporting org list reads like a forced-cooperation truce. PayPal and Circle on the stablecoin side. Ethereum Foundation, Solana Foundation, TON Foundation, Filecoin Foundation, and Sui on the chain side. Base, Polygon, Arbitrum, and LayerZero on the L2 and interop side. Ripple, OKX, and Tron on the exchange and payment-rail side. Virtuals, Dynamic, Allium, Dflow, Uniblock, and Simmer.Markets representing the agent-tooling layer. Getting that many usually-competitive ecosystems to put their name on a single wallet standard suggests something most of them have privately concluded: a fragmented agent-wallet landscape is bad for everyone, and whoever ships the de facto standard first wins.

It is worth noting what is not on the list. Coinbase, despite being arguably the most credible competitor with x402 and AgentKit. World, Sam Altman's identity-verification project that integrated x402 in March. MetaMask, which shipped its own ERC-7715 Advanced Permissions for time-bound delegated execution in April. Phantom, which launched its MCP Server for agent access in February. The omissions are as informative as the inclusions — this looks like an explicit second pole of gravity in the agent-payments stack, set up across the table from Coinbase's vertically integrated alternative.

The Competitive Map

Pulling back, the agent-payments stack in April 2026 has four roughly parallel approaches, and OWS slots into a specific gap none of the others fill cleanly.

Coinbase's x402 plus AgentKit plus Agentic Wallets is the most aggressive end-to-end play. x402 is the payment protocol, AgentKit is the SDK that wraps it, and Agentic Wallets are the custody layer. The advantage is integration: one stack, one vendor, fast to ship. The downside is exactly that — it is one vendor, and the wallet primitive is implicitly tied to Coinbase's commercial interests.

Stripe's Agent Toolkit and Tempo integration comes at the problem from fiat. Stripe is solving the merchant side of agentic commerce — how does an existing online business accept payment from an autonomous shopper. Stripe is excellent at this layer but does not pretend to be a wallet.

MetaMask's ERC-7715 Advanced Permissions and Phantom's MCP Server retrofit existing consumer wallets with delegated-execution APIs. This is the path of least resistance for the existing user base — your existing wallet learns to accept agent instructions inside scoped, time-bound permissions. The cost is conceptual coherence: you are bolting agent semantics onto a primitive built for humans, and the security model has the seams to prove it.

MoonPay's Open Wallet Standard is the only attempt at a clean-sheet, multi-vendor, open-source wallet primitive designed specifically for non-human operators. It does not solve the merchant side (Stripe's territory), it does not own the payment protocol (x402's territory), and it does not have a million-user consumer wallet to leverage (MetaMask's and Phantom's territory). What it does have is a primitive — the wallet — defined as an open standard that any framework, exchange, or chain can implement without picking a side in the AgentKit-versus-OWS contest.

That is a defensible position. It is also the position that historically wins infrastructure battles: TCP/IP did not need to own the application layer to become the default.

The Quiet Risks Underneath

It would be a mistake to call this settled. Three risks are worth holding onto.

The first is operational maturity. OWS is two months old. The cryptography is conservative, but the surrounding tooling — key rotation, multi-device sync, recovery flows for lost passwords, audit trails for agent decisions, integration with hardware signers beyond the Ledger native support added in March — is still in early-release territory. The first major agent-wallet breach will set the category back regardless of which standard the victim used.

The second is regulatory ambiguity. The GENIUS Act's stablecoin rulemaking continues through 2026, and the question of who is liable when an autonomous agent makes a payment that violates sanctions, AML, or consumer-protection rules has no settled answer. World's bet — verifying a real human is behind every agent transaction via World ID — assumes regulators will demand provable human accountability. OWS makes a different bet: the wallet is a neutral primitive, and liability sits with whoever deploys the agent. Both bets cannot be right, and the rulemaking outcome will favor one architecture.

The third is the consumer-wallet counter-attack. ERC-7715 is real, scoped permissions are real, and the world where MetaMask and Phantom add an "agent mode" toggle to their existing apps is the simplest possible UX — a user does not need to install a separate CLI tool or learn a new primitive. If the consumer wallets close the gap fast enough, OWS could end up as the standard that the infrastructure layer adopts but the end-user layer ignores. That is still a meaningful outcome, but it is a smaller one than the consortium clearly wants.

What to Watch Over the Next Two Quarters

A few specific signals will tell you whether OWS is becoming the default or not.

Implementation breadth. How many of the 15 launch partners ship native OWS integrations versus just lending their logos. Circle integrating OWS into its Programmable Wallets product would be a strong signal. The Ethereum Foundation publishing reference docs that point developers at OWS would be stronger.

Cross-pollination with x402. OWS and x402 are technically complementary — OWS is the wallet, x402 is the payment protocol — but the consortium boundaries suggest a turf battle. If a major framework ships an OWS-plus-x402 combined reference implementation, that is the truce that locks both standards in. If instead Coinbase pushes an AgentKit-native wallet that competes with OWS, expect fragmentation to persist.

Agent-side adoption. The agent frameworks themselves — LangChain, AutoGen, ElizaOS, Virtuals, the Anthropic Agent SDK — picking OWS as a default option is the inflection point. Right now most of them are wallet-agnostic. Whichever wallet primitive they default to will likely become the de facto standard regardless of consortium dynamics.

The first regulated deployment. A Tier 1 financial institution or a regulated payments company shipping an agent that uses OWS in production — visible to compliance teams, with audit trails and named accountability — would validate the architecture in a way no amount of open-source contribution can.

The Bigger Pattern

Step back and the MoonPay launch fits a pattern that has played out repeatedly in crypto infrastructure: someone with a real distribution business in the existing market — MoonPay processes over $150 billion in lifetime fiat volume across 20 million users — uses that position to define a standard for the next market. The fiat on/off-ramp business gave MoonPay the relationships with PayPal, Circle, and the major chains that made the OWS consortium possible. The wallet standard is the asset that compounds.

The agent economy is going to need wallets the same way the human economy did. The question is whether those wallets get built as a vendor-controlled product (the AgentKit path), as bolted-on extensions to existing consumer apps (the MetaMask and Phantom path), or as an open primitive that the whole industry shares (the OWS bet). MoonPay has placed a credible bet on the third option, with enough partners around the table to make the standard sticky from day one.

Whether that bet pays off depends on a lot of execution that has not happened yet. But the framing is correct: AI agents are not humans with smaller wallets. They are a new class of operator that needs a wallet primitive purpose-built for them, and the project that gets that primitive right will sit underneath an enormous fraction of the next decade's crypto volume.

BlockEden.xyz operates RPC and indexing infrastructure across the chains the agent economy is being built on — Sui, Aptos, Ethereum, Solana, and more. As autonomous agents start moving real volume through your stack, the reliability of the underlying node infrastructure stops being a back-office concern and starts being part of your product surface. Explore our API marketplace to see what production-grade infrastructure looks like for agent-era workloads.

Sources

Share on Twitter