Coinbase Token Approval Error Opens Door for MEV Bots to Steal $300K in Seconds

Coinbase Lost $300K After a Token Swap Error Let MEV Bots Drain a Wallet. Incident Tied to 0xProject, No Customer Funds Affected
Written By:
Simran Mishra
Reviewed By:
Manisha Sharma

Coinbase lost crypto worth $300,000 after granting token approval to a contract that was never meant to receive token approvals. The error occurred when its corporate DEX wallet approved tokens to 0x’s swapper. MEV bots took notice of this and drained the Coinbase wallet almost instantly.

A pseudonymous researcher known as “deeberiroz” revealed the misstep on August 13. He noted that the swapper allowed arbitrary calls. That function turned into a trapdoor. It enabled bots to claim all tokens in the fee-receiver account. “Their dream came true thanks to Coinbase,” he said.

Coinbase Confirms and Contains the Loss

Philip Martin, Chief Security Officer at Coinbase, confirmed the loss. He called it an isolated incident and said that a change to one corporate wallet triggered the error. He emphasized that no user funds were affected. He also said Coinbase revoked all permissions and moved the assets to a new wallet to secure them.

This incident comes after a 2023 insider breach. That attack compromised the personal data of nearly 70,000 users. Attackers tried to extort $20 million in Bitcoin. During the complex attack, the perpetrators impersonated company staff. Subsequently, Coinbase improved controls and fired the employees involved in the scheme.

A Warning on DeFi Security Risks

The event shows how delicate DeFi systems can be. Even a simple misconfiguration can cost hundreds of thousands. MEV bots act faster than human oversight. They wait for approval errors and strike within seconds. Exchanges must stay vigilant. They must audit code and approval logic. They must isolate fee wallets from risky protocols.
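One way to apply the approval-logic audit described above is a policy gate that inspects a transaction before a corporate wallet signs it. The following is an added example, not code from Coinbase or 0x; the addresses, the cap and the function names are constructed assumptions.

```python
# Added example: gate ERC-20 approve() calls before a wallet signs them.
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")  # approve(address,uint256)
MAX_UINT256 = 2**256 - 1

def encode_approve(spender: str, amount: int) -> str:
    """Build approve() calldata (used here only to construct sample input)."""
    word = bytes(12) + bytes.fromhex(spender[2:])
    return "0x" + (APPROVE_SELECTOR + word + amount.to_bytes(32, "big")).hex()

def decode_approve(calldata: str):
    """Return (spender, amount) for approve() calldata, or None for other calls."""
    data = bytes.fromhex(calldata[2:] if calldata.startswith("0x") else calldata)
    if data[:4] != APPROVE_SELECTOR:
        return None
    if len(data) != 68 or any(data[4:16]):
        raise ValueError("malformed approve() calldata")
    return "0x" + data[16:36].hex(), int.from_bytes(data[36:], "big")

def check_approval(calldata: str, allowed_spenders: set, cap: int) -> list:
    """Return policy violations; an empty list means the call may be signed."""
    decoded = decode_approve(calldata)
    if decoded is None:
        return []  # not approve(); permit and increaseAllowance are not covered here
    spender, amount = decoded
    if amount == 0:
        return []  # setting the allowance to zero is a revocation
    findings = []
    if spender not in {a.lower() for a in allowed_spenders}:
        findings.append(f"spender {spender} is not an approved allowance target")
    if amount == MAX_UINT256:
        findings.append("unlimited allowance requested")
    elif amount > cap:
        findings.append(f"allowance {amount} exceeds cap {cap}")
    return findings

# Constructed placeholder addresses, not real contracts.
ALLOWANCE_TARGET = "0x" + "11" * 20  # contract meant to receive approvals
SWAPPER = "0x" + "22" * 20           # contract that executes arbitrary calls
POLICY = {ALLOWANCE_TARGET}
CAP = 10**24                         # constructed per-approval limit

if __name__ == "__main__":
    samples = [(ALLOWANCE_TARGET, 10**21), (SWAPPER, MAX_UINT256), (SWAPPER, 0)]
    for spender, amount in samples:
        print(spender, amount, check_approval(encode_approve(spender, amount), POLICY, CAP))
```

A non-empty result should block signing and page a human reviewer, since the article's point is that a mistaken approval is exploited within seconds of landing on-chain.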

Coinbase acted quickly. The dangerously granted permissions were revoked and the assets were moved out of harm's way. That measure kept customer funds safe. Yet the incident raised some questions. It highlights the rising threat of smart contract misconfiguration and the need for hardened DeFi operations. Exchanges must therefore classify smart contract settings as high-risk.

This episode shows that DeFi security is more than a buzzword. It demands constant oversight. It demands strict configuration rules. One careless approval can cost a large sum. MEV bots exploit those gaps mercilessly. They turn tiny mistakes into big losses.

Coinbase now faces new scrutiny. Observers will watch how it maintains safe DeFi interactions. The incident may prompt more audits across the industry. Every exchange may tighten its approval logic. The goal is clear: stop MEV bots before they strike again.
