Coinbase concedes $300K loss to MEV bot attack due to 0xProject swapper oversight
The post Coinbase concedes $300K loss to MEV bot attack due to 0xProject swapper oversight appeared on BitcoinEthereumNews.com.
Coinbase has lost $300,000 in accumulated fees to an MEV bot after interacting with the 0xProject swapper smart contract. Pseudonymous security researcher Deebeez disclosed this on X, noting that the exchange used the swapper incorrectly.

According to Deebeez, the 0xProject contract, which can be used for executing swaps, is permissionless. This means anyone can use it to execute any action without restrictions. For this reason, it is not suitable for receiving token approvals. However, Coinbase seems to have been unaware of this, as it initiated approvals for tokens of protocols such as DEXTools, Swell Network, MyOneProtocol, Amp, Data Lake, Ondo Finance, and Destra Network, allowing an MEV bot to swoop in and drain all the funds once the exchange approved the contract.

He said: “There appears to have been an MEV bot lurking in the dark, waiting for users to mistakenly approve to this contract – and then drain all their funds. Well, their dream came true thanks to coinbase.”

The researcher described the incident as an expensive lesson for the Coinbase team, a fact that the team itself has also acknowledged.

Coinbase chief security officer Philip Martin confirmed the incident, adding that it is an isolated issue due to changes to one of its corporate DEX wallets. He added that the incident did not affect any customer funds, with the team now “revoking token allowances and moving funds to a new corporate wallet.”

Meanwhile, some users suggested that this could have been prevented if the mempool had been encrypted. However, Deebeez noted that sandwich attacks are not identical to MEV attacks, and encrypting the mempool will only prevent sandwich attacks.

Incident adds to criticisms against Coinbase

Unsurprisingly, the incident represents another sore point for Coinbase critics, although it did not impact the exchange's users. Some critics noted…
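
The approval mistake described above can be caught before a transaction is signed. The following is an added example, not code from Coinbase, 0xProject or the researcher: a pre-signing check that decodes ERC-20 allowance calldata and rejects grants to contracts a wallet operator has flagged as permissionless executors. The addresses and both policy sets are constructed placeholders and assumptions.

```python
# Pre-signing guard for ERC-20 allowance grants (added example).
# Addresses and policy sets are constructed placeholders, not incident data.
APPROVE = "095ea7b3"             # selector of approve(address,uint256)
INCREASE_ALLOWANCE = "39509351"  # selector of increaseAllowance(address,uint256)
MAX_UINT256 = 2**256 - 1

# Assumed policy: contracts that run arbitrary calls for any caller.
PERMISSIONLESS_EXECUTORS = {"0x" + "ee" * 20}
# Assumed policy: the only spenders this wallet is allowed to approve.
ALLOWED_SPENDERS = {"0x" + "aa" * 20}

def encode_call(selector, spender, amount):
    """Build constructed sample calldata for the checks below."""
    return "0x" + selector + spender[2:].rjust(64, "0") + format(amount, "064x")

def parse_allowance_call(calldata_hex):
    """Return (spender, amount) for an allowance grant, else None."""
    data = calldata_hex.lower().removeprefix("0x")
    if data[:8] not in (APPROVE, INCREASE_ALLOWANCE):
        return None
    args = data[8:]
    if len(args) < 128:
        raise ValueError("truncated allowance calldata")
    spender_word, amount_word = args[:64], args[64:128]
    # An address occupies the low 20 bytes; the upper 12 must be zero.
    if int(spender_word[:24], 16) != 0:
        raise ValueError("non-zero padding in address argument")
    return "0x" + spender_word[24:], int(amount_word, 16)

def review_transaction(calldata_hex):
    """Return (verdict, reason) for a transaction about to be signed."""
    call = parse_allowance_call(calldata_hex)
    if call is None:
        return ("allow", "not an allowance grant")
    spender, amount = call
    if amount == 0:
        return ("allow", "zero amount grants nothing")
    if spender in PERMISSIONLESS_EXECUTORS:
        return ("block", "spender executes arbitrary calls for any caller")
    if spender not in ALLOWED_SPENDERS:
        return ("block", "spender is not on the allowlist")
    if amount == MAX_UINT256:
        return ("warn", "unlimited allowance")
    return ("allow", "bounded allowance to allowlisted spender")

if __name__ == "__main__":
    swapper = "0x" + "ee" * 20  # placeholder for a permissionless swapper
    print(review_transaction(encode_call(APPROVE, swapper, MAX_UINT256)))
```

A zero-amount `approve` passes so that the revocation step Martin describes is never blocked by the guard.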
Filed under: News - @ August 14, 2025 11:25 am