‘Expensive lesson’: Coinbase loses $300K token fees in 0x contract error
Coinbase lost $300,000 in token fees after mistakenly approving assets to a 0x swapper contract, enabling an MEV bot to drain its corporate wallet.
Coinbase lost about $300,000 in token fees after mistakenly approving assets to a 0x Project smart contract, allowing a maximal extractable value (MEV) bot to drain the funds.
Deebeez, a security researcher at Venn Network, flagged the incident in a Wednesday post on X. He said Coinbase’s corporate wallet interacted with 0x’s “swapper” contract, a permissionless tool designed to execute swaps but not to receive token approvals.
Since anyone can call the contract to perform arbitrary actions, granting approvals can expose assets to immediate theft. “This same swapper is known to have had issues with Zora claims on Base,” the researcher wrote, linking to past cases where the setup enabled malicious actors to extract funds without exploiting code vulnerabilities.
