- Corporate wallet approvals can create significant vulnerabilities if misconfigured.
- MEV bots exploit missteps quickly, emphasizing the need for strict smart contract controls.
- Coinbase acted fast to secure remaining assets, protecting customers from losses.
Coinbase recently suffered a $300,000 loss in token fees due to a misconfigured interaction with 0x Project’s swapper contract, highlighting the risks of corporate wallet approvals. Security researcher Deebeez from Venn Network flagged the incident on Wednesday, revealing how the exchange’s fee receiver account was drained by a maximal extractable value (MEV) bot.
Looks like @coinbase was recently drained of ~$300,000 after using @0xProject swapper incorrectly. They approved all the tokens accrued as fees to their router, getting drained immediately by MEV bots 🧵 pic.twitter.com/yWNHl8nupg
— deebeez (@deeberiroz) August 13, 2025
How the MEV Exploit Happened
The issue stemmed from Coinbase granting token approvals to a permissionless swapper contract designed for executing swaps—not receiving approvals. Since anyone can call the contract to perform arbitrary actions, the misstep left Coinbase’s tokens exposed. Tokens including Amp, MyOneProtocol, DEXTools, and Swell Network were approved, enabling the MEV bot to immediately transfer the assets.
Deebeez noted that the swapper contract had previous vulnerabilities, such as issues with Zora claims on Base, demonstrating a recurring pattern in permissionless smart contract designs. The MEV bot “had been lurking in the dark,” waiting for such mistakes, and the Coinbase incident provided a lucrative opportunity.
Coinbase’s Response and Safeguards
Philip Martin, Coinbase’s Chief Security Officer, confirmed the incident as an isolated case caused by a configuration change in one of the exchange’s corporate DEX wallets. Crucially, no customer funds were affected. Coinbase promptly revoked the token allowances and moved remaining assets to a new corporate wallet, preventing further loss.
The event underscores the growing sophistication of MEV bots, which exploit even small misconfigurations. In recent months, similar attacks have drained hundreds of thousands of dollars, including a $180,000 Ether loss in April and a $25 million multi-token exploit in 2023.
This incident serves as a reminder for crypto exchanges and corporate wallets to maintain rigorous security protocols when interacting with permissionless contracts.
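One way to enforce that kind of control is a pre-signing policy gate that decodes ERC-20 `approve(address,uint256)` calldata and rejects approvals to spenders that are not explicitly vetted, such as a permissionless swap executor. This is an added example, not code from Coinbase, 0x Project, or the article; the allowlist, addresses, and cap are constructed placeholders.

```python
# Added example: pre-signing policy check for ERC-20 approve() calls.
# Addresses and limits are constructed placeholders, not real contracts.
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")  # approve(address,uint256)
MAX_UINT256 = 2**256 - 1

# Hypothetical policy: vetted spender -> maximum amount per approval.
ALLOWED_SPENDERS = {"0x" + "11" * 20: 10_000 * 10**18}


def decode_approve(calldata: bytes):
    """Return (spender, amount) for an approve() call, None for other calls."""
    if calldata[:4] != APPROVE_SELECTOR:
        return None
    if len(calldata) < 68 or any(calldata[4:16]):
        raise ValueError("malformed approve() calldata")
    return "0x" + calldata[16:36].hex(), int.from_bytes(calldata[36:68], "big")


def check_transaction(calldata: bytes):
    """Return (allowed, reason); malformed approve() calls are denied."""
    try:
        decoded = decode_approve(calldata)
    except ValueError as exc:
        return False, str(exc)
    if decoded is None:
        return True, "not an approve() call"
    spender, amount = decoded
    if amount == 0:
        return True, "revocation"  # resetting an allowance is always allowed
    if spender not in ALLOWED_SPENDERS:
        return False, f"spender {spender} is not on the allowlist"
    if amount == MAX_UINT256:
        return False, "unlimited approval"
    if amount > ALLOWED_SPENDERS[spender]:
        return False, "amount exceeds per-spender cap"
    return True, "within policy"


def build_approve(spender: str, amount: int) -> bytes:
    """Encode approve(spender, amount) calldata for constructed test inputs."""
    return APPROVE_SELECTOR + bytes(12) + bytes.fromhex(spender[2:]) + amount.to_bytes(32, "big")
```

A gate like this covers only direct `approve()` calls; other allowance paths such as signed permits need their own checks.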
Disclaimer: The information in this article is for general purposes only and does not constitute financial advice. The author’s views are personal and may not reflect the views of Chain Affairs. Before making any investment decisions, you should always conduct your own research. Chain Affairs is not responsible for any financial losses
