When Coinbase announced that users could now trade millions of ERC-20 DEX tokens directly from their Coinbase app, it marked a major moment for decentralized access — one that didn’t compromise on safety.

To understand where Coinbase was leveraging our platform, we sat down with Eric Meng, who leads security for Coinbase’s new Retail DEX trading integration. Eric shared how TestMachine quietly powers this new layer of token safety, helping Coinbase safely scale to millions of tokens.

Scaling Trust in an Open Ecosystem

Eric began by describing the challenge behind the DEX integration.

“The entire DEX ecosystem on Base would now be available to retail users,” he said. “But with that scale comes significant risk.”

Those risks aren’t theoretical. Many ERC-20s include hidden mechanics — confiscation clauses, proxy upgrades, or blacklist features — that can put users at risk long after a token goes live.

“Traditional audits can’t always detect these behaviors fast enough,” Eric explained. “That’s where TestMachine steps in.”

He elaborated that Coinbase’s focus isn’t just on finding code vulnerabilities, it’s on uncovering malicious privileges hidden in plain sight.

“Finding contract vulnerabilities is a secondary objective,” Eric said. “There are many security providers that focus on surfacing bugs, but for trading ERC-20 tokens, that’s not how most users lose money. They’re getting scammed through obfuscated functions that standard audits overlook. Our goal is to detect those hidden privileges early, and try to get to them first before our users do.”

A Deterministic Layer for Token Safety

At the heart of the integration is Predator, TestMachine’s AI-driven engine that continuously simulates live contract behavior to detect risks before users ever see them.

For Coinbase, this system has become essential infrastructure and a foundation for scaling safely. That continuous monitoring ensures that token behavior is validated on an ongoing basis, giving Coinbase the confidence to expand decentralized access without compromising its security posture.

Eric pointed out that the same standards apply across all Coinbase token offerings, not just the DEX.

“TestMachine’s product is seamlessly integrated into the overall risk process, including the centralized exchange and the decentralized exchange integration,” he said.

That unified model allows Coinbase to apply consistent safety logic across every platform, from institutional custody to on-chain retail products.

Beyond Static Code Analysis

Static analysis provides a snapshot. A moment-in-time view of a token’s code. But onchain assets evolve. Contracts can be upgraded, proxies re-pointed, or permissions silently expanded. These changes often happen after initial audits, creating blind spots that traditional scanners can’t catch.

TestMachine bridges that gap with continuous AI-driven behavior monitoring. Rather than analyzing code once, its system re-simulates tokens as they evolve, using machine learning models to detect behavioral shifts and surface new capabilities in near real time. This live process ensures that Coinbase’s listings reflect the current behavior of every contract. Not just the version that was originally deployed.

“Tokens aren’t static. They change, upgrade, and sometimes behave differently days or weeks after launch,” Eric said. “Having an AI system that continuously re-evaluates those behaviors gives us a live picture of risk. That’s what makes this integration so valuable.”

That continuous visibility has become a core differentiator as Coinbase scales to millions of assets.

A New Standard for DEX Safety

Coinbase’s DEX integration shows that safety and access can coexist. By pairing open markets with AI-driven behavioral intelligence, Coinbase and TestMachine are setting a new standard for how Web3 platforms grow responsibly.

Behind every listed token is a layer of adaptive intelligence made up of automated simulations, deterministic checks, and continuous AI validation that ensure state changes are also captured, even as contracts evolve. Instead of treating audits as a single event, TestMachine transforms token security into a living system that updates as the blockchain itself changes.

Under the hood, TestMachine’s reinforcement learning engine observes how contracts behave inside a high-fidelity EVM simulation. The AI agent tries different combinations of function calls, explores new contract states, and learns which interactions might break a token’s core guarantees. As it receives feedback from these attempts, the system becomes better at identifying the kinds of hidden privileges, state changes, and behavioral shifts that often appear only after deployment.

These simulations run continuously inside TestMachine’s controlled execution environment, which mirrors real blockchain conditions and provides a consistent sandbox for learning. Because this environment feeds the AI new behaviors as they emerge in the wild, it allows Coinbase to benefit from a system that improves over time. The result is a safety layer that adapts as quickly as new tokens and attack patterns appear.

“It is helpful to have an AI system that keeps learning from new token behaviors. It gives us an edge in this game of cat and mouse where risks will likely appear,” Eric said.

Together, Coinbase and TestMachine are proving that scale and trust can move in lockstep, and that the next era of decentralized trading will be defined by intelligence, not compromise.

Learn more about how TestMachine powers token safety at testmachine.ai or reach us at contact@testmachine.ai. Experience and learn more about Coinbase DEX.

Disclaimer: Coinbase & TestMachine make no guarantees that users will not be exposed to malicious tokens on Coinbase DEX. 

John Calabrese