Coinbase Loses $300,000 to MEV Bots After Critical Token Approval Misconfiguration

Coinbase, the largest U.S.-based cryptocurrency exchange, has suffered a $300,000 loss after MEV (Maximal Extractable Value) bots exploited a misconfiguration involving 0xProject’s token swap platform.

This incident highlights ongoing security risks in decentralized finance (DeFi), where even the largest and most well-funded platforms remain vulnerable to technical oversights.

How the Breach Unfolded

On August 13, pseudonymous blockchain security researcher Deebeez revealed that Coinbase had mistakenly granted token approvals to the 0x swapper contract, which was never intended to receive them.

Deebeez explained:

"0x has a swapper which is never meant to get approvals. This same swapper is known to have had issues with Zora claims on Base, since it allows users to have it make arbitrary calls."

This oversight meant Coinbase had inadvertently granted unlimited token spending permissions to the swapper contract. The tokens in question were fees collected by Coinbase’s decentralized exchange (DEX) router. This created the perfect opportunity for MEV bots to exploit the flaw.
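A defender-side check for the condition described above, as an added example that is not from the article, Coinbase or 0x: it replays ERC-20 Approval event logs and flags live allowances from a watched owner to a spender known to make arbitrary calls, or any effectively unlimited allowance. All addresses and log entries are constructed placeholders, and the function names are hypothetical.

```python
# Added example. Every address and log entry here is a constructed placeholder.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED_FLOOR = 2**255  # allowances this large are effectively unlimited

def addr(byte_hex):            # build a placeholder 20-byte address
    return "0x" + byte_hex * 20

def topic(address):            # indexed address, left-padded to 32 bytes
    return "0x" + "00" * 12 + address[2:]

def live_allowances(logs):
    """Replay Approval events in chain order; the latest value per pair wins."""
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        t = log["topics"]
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC:
            continue  # ERC-721 Approval shares the signature but has 4 topics
        key = (log["address"].lower(), "0x" + t[1][-40:].lower(), "0x" + t[2][-40:].lower())
        state[key] = int(log["data"], 16)
    return {k: v for k, v in state.items() if v > 0}  # drop revoked (zero) entries

def risky_allowances(logs, owners, arbitrary_call_spenders):
    """Flag live allowances granted by our own contracts that should not exist."""
    findings = []
    for (token, owner, spender), amount in live_allowances(logs).items():
        if owner not in owners:
            continue
        if spender in arbitrary_call_spenders:
            findings.append((token, owner, spender, "spender can make arbitrary calls"))
        elif amount >= UNLIMITED_FLOOR:
            findings.append((token, owner, spender, "unlimited allowance"))
    return sorted(findings)

TOKEN, ROUTER = addr("aa"), addr("11")
SWAPPER, VAULT, OLD = addr("22"), addr("33"), addr("44")

def make_log(block, index, spender, amount):
    return {"address": TOKEN, "blockNumber": block, "logIndex": index,
            "topics": [APPROVAL_TOPIC, topic(ROUTER), topic(spender)],
            "data": "0x" + format(amount, "064x")}

SAMPLE_LOGS = [
    make_log(100, 0, SWAPPER, 2**256 - 1),  # unlimited approval to the swapper
    make_log(101, 2, VAULT, 1000),          # small, bounded approval: not flagged
    make_log(102, 0, OLD, 2**256 - 1),      # unlimited approval ...
    make_log(105, 1, OLD, 0),               # ... later revoked: not flagged
]

if __name__ == "__main__":
    for finding in risky_allowances(SAMPLE_LOGS, {ROUTER}, {SWAPPER}):
        print(finding)
```

Replayed logs are an approximation, since spending can reduce an allowance without emitting an event; confirm each finding against the token's on-chain `allowance(owner, spender)` before acting on it.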

MEV Bots Waiting for a Mistake ...
