EddieJayonCrypto

 14 Aug 25

tl;dr

Coinbase lost about $300,000 after a misconfigured interaction with the 0x decentralized exchange protocol’s "swapper" contract allowed MEV bots to exploit one of its corporate wallets. The issue, confirmed by Coinbase’s chief security officer Philip Martin, affected only corporate funds and not cus...

Crypto exchange Coinbase suffered a loss of approximately $300,000 when token fees were siphoned off after a misconfigured interaction with the “swapper” contract of the decentralized exchange protocol 0x. The misconfiguration let MEV (maximal extractable value) bots exploit one of Coinbase's corporate wallets through an unintended token approval setup.

Philip Martin, Coinbase’s chief security officer, confirmed the incident and described it as an “isolated issue” linked to changes in a corporate DEX wallet. Martin said that no customer funds were impacted by the breach. The problem was initially flagged by security researcher “deeberiroz” from Venn Network, who pointed out that Coinbase had mistakenly approved tokens to the swapper contract, an open, permissionless tool designed for swaps but not for holding token allowances.

This misstep opened the door for MEV bots to act swiftly. These bots are known for front-running or reordering blockchain transactions to capture profits, and in this incident, they capitalized on the approval to drain the wallet before Coinbase could revoke the permissions. The bots exploited the contract’s public accessibility by calling it to transfer the approved tokens directly into their own addresses.
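A defender's view of the same mechanism, as an added example that is not from the article, Coinbase or 0x: it replays ERC-20 `Approval` logs for a wallet and flags any allowance still outstanding to a spender that policy says must never hold one. All addresses, the sample logs and the `NEVER_APPROVE` / `ALLOWED_SPENDERS` policy sets are constructed assumptions.

```python
# Added example: replay ERC-20 Approval logs and flag allowances left on risky spenders.
APPROVAL_TOPIC0 = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"

# Constructed placeholder addresses (assumptions, not values from the incident).
WALLET, OTHER = "0x" + "aa" * 20, "0x" + "dd" * 20
SWAPPER = "0x" + "bb" * 20   # stands in for a permissionless swap executor
CUSTODY = "0x" + "cc" * 20   # spender the hypothetical policy permits
TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "22" * 20
NEVER_APPROVE, ALLOWED_SPENDERS = {SWAPPER}, {CUSTODY}
UNLIMITED = 2**256 - 1

def make_log(block, token, owner, spender, value):
    """Build a constructed log shaped like an eth_getLogs result entry."""
    pad = lambda a: "0x" + "00" * 12 + a[2:]
    return {"blockNumber": block, "address": token,
            "topics": [APPROVAL_TOPIC0, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x")}

SAMPLE_LOGS = [  # constructed sample data
    make_log(100, TOKEN_A, WALLET, CUSTODY, 500),
    make_log(101, TOKEN_A, WALLET, SWAPPER, UNLIMITED),  # the risky approval
    make_log(102, TOKEN_B, WALLET, SWAPPER, 1000),
    make_log(103, TOKEN_B, WALLET, SWAPPER, 0),          # later revoked
    make_log(104, TOKEN_A, OTHER, SWAPPER, 7),           # someone else's wallet
]

def decode_approval(log):
    """Return (token, owner, spender, value), or None if not an ERC-20 Approval."""
    t = log["topics"]
    # ERC-721 Approval shares topic0 but indexes tokenId, giving 4 topics.
    if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC0:
        return None
    return (log["address"].lower(), "0x" + t[1][-40:].lower(),
            "0x" + t[2][-40:].lower(), int(log["data"], 16))

def outstanding_allowances(logs, wallet):
    """Last approved value per (token, spender); approve() overwrites, never adds."""
    state = {}
    for log in sorted(logs, key=lambda l: l["blockNumber"]):
        decoded = decode_approval(log)
        if decoded and decoded[1] == wallet.lower():
            state[(decoded[0], decoded[2])] = decoded[3]
    return {k: v for k, v in state.items() if v > 0}

def audit(logs, wallet):
    """Flag nonzero allowances to forbidden ('critical') or unlisted ('review') spenders."""
    findings = []
    for (token, spender), value in sorted(outstanding_allowances(logs, wallet).items()):
        if spender in ALLOWED_SPENDERS:
            continue
        severity = "critical" if spender in NEVER_APPROVE else "review"
        findings.append((severity, token, spender, value))
    return findings
```

Replayed logs give the last approved amount, not what remains after any `transferFrom`, so confirm a finding against the token's `allowance(owner, spender)` before acting on it.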

While the $300,000 loss is comparatively small for a major exchange like Coinbase, the breach highlights the persistent vulnerability of even top-tier platforms to sophisticated automated trading exploits. MEV bots frequently operate within Ethereum and other blockchains, leveraging mempool visibility and transaction ordering to profit from events like token launches and NFT mints. In this case, their strategy was simple yet effective: wait for a high-value wallet to make the critical approval mistake, then seize the tokens immediately.

Disclaimer

The opinions expressed by the writers at Grow My Bag are their own and do not reflect the official stance of Grow My Bag. The content provided on our site is not intended as investment advice, and Grow My Bag is not an investment advisor. We do not endorse buying or selling any cryptocurrencies or digital assets mentioned in our articles. High-risk investments in Bitcoin, cryptocurrencies, and digital assets require thorough due diligence, and all transfers and trades made are at your own risk. Grow My Bag is not responsible for any potential losses and participates in affiliate marketing.