🚨Coinbase Loses $300K in Token Fees Due to 0x Contract Error
🚧On August 13, 2025, Coinbase lost approximately $300,000 in token fees due to a misconfigured approval in a 0x Project Swapper contract, which allowed an MEV bot to extract assets from the company’s wallet.
🧩Key Details:
Faulty Approval: Coinbase’s wallet mistakenly granted the Swapper contract permission to access tokens such as Amp, MyOneProtocol, DEXTools, and Swell Network. The contract was designed for token swaps but was not meant to receive such approvals.
MEV Bot Exploit: Because the contract was permissionless, the bot quickly drained the approved tokens from Coinbase’s wallet.
Impact: Coinbase stated this incident affected only the company’s funds and did not impact customer funds.
⛑️Lesson Learned:
This incident highlights the importance of carefully managing token approvals when interacting with permissionless smart contracts to prevent MEV attacks and unintended losses.
Source: Cointelegraph
