MoonPay has introduced the Open Wallet Standard (OWS), an innovative open-source framework aimed at providing AI agents with a uniform method for managing funds and signing blockchain transactions across various chains, particularly in relation to stablecoin transactions. The initiative is supported by a diverse coalition including prominent entities such as PayPal, Circle, the Ethereum Foundation, and the Solana Foundation, among others.
This standard addresses a significant and escalating issue in the AI landscape. With the rapid increase in the adoption of AI agents, each framework has been developing its own solutions for key management. The result has often been insecure practices, where private keys essential for transaction signing may end up hardcoded in environment variables, embedded within configuration files, or passed as arguments that might become visible in logs or the LLM’s context. The potential exposure of private keys poses a risk of misuse, while the fragmentation of wallet systems means that a wallet designed for one agent may not be compatible with another.
OWS aims to remedy these shortcomings by providing a signing API that abstracts away direct access to private keys. Instead of managing keys themselves, agents call a signing function through the API. The library handles decryption, generates the required signature, wipes the key from memory after signing, and returns only the result to the agent. As a result, the private key is never exposed as a variable in the agent's code, does not pass through the LLM's context, and is not recorded in logs, a notable improvement over existing approaches. Nevertheless, while it addresses these logging and exposure issues, OWS is upfront that it does not provide comprehensive security against all potential threats.
Currently, the implementation remains software-based. Key decryption and signing occur within the same operating system process as the agent’s code. Although there are robust safeguards—such as locking key material in RAM to prevent it from being written to swap files, immediate memory wiping after signing, and measures to block crash dumps from capturing key information—there remains a vulnerability. A sufficiently privileged attacker could exploit this brief signing window to access process memory and glean the key material. The specification directly addresses this risk, acknowledging that memory compromises are “not fully mitigated in the current in-process model.”
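The pattern described in the two paragraphs above (a signing call that returns only the result, with the key locked in RAM, wiped after use, and kept out of crash dumps) can be sketched in C for a POSIX/Linux host. This is an added example, not code from the OWS specification or its library: `harden_process`, `sign_message` and `toy_sign` are hypothetical names, the XOR unwrap stands in for real key decryption, and the FNV-1a hash stands in for a real signature scheme.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/resource.h>

#define KEY_LEN 32

/* Stand-in for a real signature scheme (assumption): FNV-1a over key || msg. */
uint64_t toy_sign(const uint8_t *key, const uint8_t *msg, size_t n) {
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < KEY_LEN; i++) { h ^= key[i]; h *= 1099511628211ULL; }
    for (size_t i = 0; i < n; i++) { h ^= msg[i]; h *= 1099511628211ULL; }
    return h;
}

static void wipe(void *p, size_t n) {   /* volatile stops dead-store removal */
    for (volatile uint8_t *v = p; n--; v++) *v = 0;
}

/* Set the core-dump size limit to zero so a crash cannot write key bytes to disk. */
int harden_process(void) {
    struct rlimit no_core = {0, 0};
    return setrlimit(RLIMIT_CORE, &no_core);
}

/* Unwrap the key into a page-locked buffer, sign, wipe; the caller only gets the
 * signature. Fails closed (-1) if locking fails. XOR unwrap is a stand-in. */
int sign_message(const uint8_t *wrapped, uint8_t mask,
                 const uint8_t *msg, size_t n, uint64_t *sig_out) {
    uint8_t key[KEY_LEN];
    if (mlock(key, sizeof key) != 0) return -1;   /* keep the key out of swap */
    for (size_t i = 0; i < KEY_LEN; i++) key[i] = wrapped[i] ^ mask;
    /* Signing window: the plaintext key is readable in process memory here. */
    *sig_out = toy_sign(key, msg, n);
    wipe(key, sizeof key);
    munlock(key, sizeof key);
    return 0;
}

int main(void) {
    uint8_t wrapped[KEY_LEN];                     /* constructed sample key */
    for (int i = 0; i < KEY_LEN; i++) wrapped[i] = (uint8_t)(i ^ 0x5A);
    const uint8_t msg[] = "transfer 10 USDC";     /* constructed sample message */
    uint64_t sig = 0;
    if (harden_process() != 0 || sign_message(wrapped, 0x5A, msg, sizeof msg - 1, &sig) != 0)
        return 1;
    printf("signature: %016llx\n", (unsigned long long)sig);
    return 0;
}
```

The comment inside `sign_message` marks the residual exposure the specification acknowledges: between unwrap and wipe, anything able to read the process's memory can read the key.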
As the landscape of AI-driven financial transactions evolves, the introduction of the Open Wallet Standard may represent a critical step towards enhancing security and interoperability for AI agents interacting with blockchain environments.


