Coinbase has confirmed a $300,000 token fee loss after a misconfigured smart contract approval exposed its corporate wallet to an MEV bot exploit. The incident highlights growing risks in decentralized finance where a single error in permissions can trigger significant financial damage.
The loss occurred when Coinbase’s corporate wallet interacted with a 0x Project smart contract, inadvertently granting approval for several tokens. This misstep enabled a maximal extractable value (MEV) bot to swiftly transfer the approved assets out of Coinbase’s fee receiver account.
Deebeez, a security researcher at Venn Network, was the first to flag the loss, in a post on X. He explained that the 0x swapper contract is a permissionless tool meant for executing swaps, not for receiving token approvals. Because anyone can call this contract to perform arbitrary actions, granting it approvals can expose assets to immediate theft, a risk that materialized in this incident.
The researcher also noted that this same swapper contract has previously been linked to issues with Zora claims on Base, referencing earlier cases where similar setups allowed malicious actors to extract funds without exploiting code vulnerabilities. Screenshots shared by Deebeez showed Coinbase granting approvals for tokens such as Amp, MyOneProtocol, DEXTools, and Swell Network, setting the stage for the loss.
Under the radar MEV snatcher
Shortly after these approvals, an MEV bot called the swapper contract and transferred the approved tokens from Coinbase’s fee receiver account into its own addresses, completing the theft. Deebeez described the MEV bot as an “under-the-radar-snatcher,” waiting for such approval mistakes to occur.
“Their dream came true thanks to Coinbase,” he wrote, emphasizing how costly the mistake was.
Coinbase loses $300,000 after using swapper incorrectly. Source: Deebeez
Coinbase’s chief security officer, Philip Martin, has confirmed the loss, calling it an “isolated issue” tied to a configuration change in one of the exchange’s corporate DEX wallets. He reassured users that no customer funds were affected and said that Coinbase had revoked the token allowances and moved the remaining funds to a new corporate wallet.
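An added example, not from the article or from Coinbase: one way a defender could audit for the exposure described above, by replaying ERC-20 Approval event logs and listing allowances a monitored wallet still grants to spenders outside an allowlist. The addresses, the allowlist approach and the function names are assumptions made for illustration.

```python
# Added example: replay ERC-20 Approval logs and report allowances that a
# monitored wallet still grants to spenders outside an allowlist.
# Every address below is a constructed placeholder, not a real contract.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def risky_allowances(logs, monitored, allowed_spenders):
    """Return {(token, owner, spender): amount} for non-zero approvals from
    monitored owners to spenders that are not allowlisted. Approval events do
    not track spending, so confirm findings with the token's allowance()."""
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-20 Approval has 3 topics; ERC-721 reuses the signature with 4.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        owner, spender = topic_to_address(topics[1]), topic_to_address(topics[2])
        if owner not in monitored:
            continue
        key = (log["address"].lower(), owner, spender)
        amount = int(log["data"], 16)
        if amount == 0:
            state.pop(key, None)   # approve(spender, 0) revokes the allowance
        else:
            state[key] = amount    # a later approval overwrites the earlier one
    return {k: v for k, v in state.items() if k[2] not in allowed_spenders}

# Constructed sample in eth_getLogs shape (block/log numbers already ints).
WALLET, SWAPPER, CUSTODY, OTHER = ("0x" + c * 20 for c in ("11", "22", "33", "44"))
TOKEN_A, TOKEN_B = "0x" + "aa" * 20, "0x" + "bb" * 20

def approval(token, owner, spender, amount, block, index):
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": hex(amount), "blockNumber": block, "logIndex": index}

SAMPLE_LOGS = [
    approval(TOKEN_A, WALLET, SWAPPER, 2**256 - 1, 100, 0),  # unlimited, still open
    approval(TOKEN_B, WALLET, SWAPPER, 5000, 100, 1),
    approval(TOKEN_B, WALLET, SWAPPER, 0, 105, 0),           # later revoked
    approval(TOKEN_A, WALLET, CUSTODY, 1000, 101, 0),        # allowlisted spender
    approval(TOKEN_A, OTHER, SWAPPER, 7, 102, 0),            # owner not monitored
]

if __name__ == "__main__":
    for (token, owner, spender), amount in risky_allowances(
            SAMPLE_LOGS, {WALLET}, {CUSTODY}).items():
        print(f"open allowance: token={token} spender={spender} amount={amount}")
```

Because many tokens do not emit Approval when an allowance is spent, the result is the set of grants still on record, which is the set to revoke or verify on-chain.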
$180K in ETH Lost to MEV Bot Exploit
The Coinbase loss is not the only recent incident involving MEV bots. In April, an MEV bot lost $180,000 in Ether after an attacker exploited a vulnerability in its access control system. Similarly, in 2023, a rogue validator exploited MEV bots attempting “sandwich trades,” stealing $25 million in digital assets, including WBTC.
The Coinbase $300K token fee loss serves as a stark reminder of the risks associated with smart contract approvals and the importance of robust security practices in the crypto industry.
Victor Prince Johnson is a tech writer and crypto blogger with a passion for breaking down complex topics into clear, engaging, and accessible content.