PANews reported on August 14, according to The Block, that Venn Network security researcher deeberiroz reported that due to a misconfiguration in the interaction between Coinbase and the 0x project's 'exchange' contract, Coinbase has incurred a cumulative loss of about $300,000. In response, Coinbase's Chief Security Officer Philip Martin stated that no customer funds were affected, and this was just an isolated incident.
0x Project provides an 'exchange', which is a contract specifically designed for executing exchanges. This contract is permissionless, anyone can call it to perform any operation without ownership restrictions. Since the contract is permissionless, it seems that bots have called the exchange contract to execute transfers, moving tokens approved in the Coinbase wallet to their own addresses.