🔓 Coinbase lost $300,000 due to erroneous permission for 0x swapper

Coinbase lost approximately $300,000 in token fees after mistakenly allowing the use of assets by the 0x swapper smart contract. This enabled an MEV bot to withdraw funds from the company's wallet.

A security researcher from Venn Network under the nickname Deebeez reported that Coinbase's corporate wallet interacted with the 'swapper' contract from 0x — a permissionless tool for executing exchanges.

Since anyone can call the contract to perform arbitrary actions, granting permission to use assets paves the way for their immediate theft.