Coinbase Loses $300K After 0x Contract Error Enables MEV Bot Drain

The post Coinbase Loses $300K After 0x Contract Error Enables MEV Bot Drain appeared on BitcoinEthereumNews.com.

Coinbase lost about $300,000 in token fees after mistakenly approving assets to a 0x Project smart contract, allowing a maximal extractable value (MEV) bot to drain the funds. Deebeez, a security researcher at Venn Network, flagged the incident in a Wednesday post on X. He said Coinbase’s corporate wallet interacted with 0x’s “swapper” contract, a permissionless tool designed to execute swaps but not to receive token approvals. Since anyone can call the contract to perform arbitrary actions, granting approvals can expose assets to immediate theft. “This same swapper is known to have had issues with Zora claims on Base,” the researcher wrote, linking to past cases where the setup enabled malicious actors to extract funds without exploiting code vulnerabilities. Screenshots shared by Deebeez showed Coinbase granting approvals for tokens including Amp, MyOneProtocol, DEXTools and Swell Network on Wednesday afternoon. Soon after, an MEV bot called the swapper contract to transfer the approved tokens from Coinbase’s fee receiver account into its addresses. Coinbase loses $300,000 after using swapper incorrectly. Source: Deebeez Related: MEV arbitrageurs on Ethereum increasingly centralized MEV bot lurking in the dark Deebeez said the MEV bot that drained funds from Coinbase had been “lurking in the dark,” waiting for users to mistakenly approve the contract to drain all their funds. “Their dream came true thanks to Coinbase,” the researcher wrote. The researcher added that the incident, which drained the Coinbase fee receiver account of all its tokens, was an “expensive lesson” for the team. Coinbase chief security officer Philip Martin confirmed the incident, describing it as an “isolated issue” linked to a configuration change in one of the exchange’s corporate DEX wallets. “No customer funds were affected,” Martin said, adding that Coinbase revoked the token allowances and moved remaining funds to a new corporate wallet. Related: Crypto MEV…

Leave a Reply

Your email address will not be published. Required fields are marked *

Filed under: News - @ August 15, 2025 2:25 am