⚠️ Incident Report: Coinbase suffered a $300,000 loss due to an MEV bot exploit.
🔹 Cause: Misconfigured token approvals granted to the 0x Project swapper contract designed for executing swaps, not holding allowances.
🔹 Discovery: Security researcher Deebeez (Venn Network) revealed the bot had been “lurking,” executing immediately upon the error.
🔹 Impact: Losses limited to corporate wallet token fees. No customer funds were affected. Coinbase quickly revoked approvals and secured assets.
🔹 Key Takeaway: Smart contracts and automated bots do not wait. Defaults and misconfigurations can be instantaneously exploited.
✦ Actionable Reminder: Audit all token approvals, even in internal or corporate wallets security missteps cost real capital.