Coinbase Loses $300,000 in Token Fees Due to MEV Exploit

Coinbase lost approximately $300,000 in token fees due to a misconfigured interaction with the 0x decentralized exchange protocol's "swapper" contract. The misconfiguration allowed MEV bots to exploit one of its corporate wallets.

Key points:

  • Coinbase's chief security officer confirmed that the issue was isolated and related to a change in a corporate DEX wallet.
  • No customer funds were impacted.
  • The exploit was flagged by security researcher “deeberiroz” from Venn Network.
  • Coinbase mistakenly approved tokens for the swapper contract, which is designed for executing swaps but not holding token allowances.
  • MEV bots quickly drained the wallet after approvals were made.
  • MEV (maximal extractable value) refers to maximizing profits by front-running or reordering transactions on the blockchain.
  • The breach shows that even major exchanges are vulnerable to automated trading exploits.

The event illustrates how MEV bots operate within blockchain ecosystems, profiting from transactional errors. In this case, they targeted Coinbase's fee receiver account after spending rights were mistakenly approved.
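
A defender-side check for the mistaken approval described above, as an added example that is not from the article or from Coinbase: it decodes ERC-20 `Approval` event logs and flags any non-zero allowance that a monitored wallet grants to a spender outside an allowlist. All addresses, the allowlist, and the sample logs are constructed placeholders; the log shape follows `eth_getLogs`.

```python
# topic0 of ERC-20 Approval(address indexed owner, address indexed spender, uint256 value)
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1

# Constructed placeholder addresses, not real on-chain accounts.
FEE_WALLET = "0x" + "aa" * 20  # monitored corporate wallet
ROUTER = "0x" + "bb" * 20      # spender the wallet is expected to approve
SWAPPER = "0x" + "cc" * 20     # swap executor that should never hold an allowance
TOKEN = "0x" + "dd" * 20       # ERC-20 token contract emitting the logs

def pad(addr):  # encode an address as a 32-byte indexed topic
    return "0x" + "0" * 24 + addr[2:]

def decode_approval(log):
    """Return (token, owner, spender, value) for an ERC-20 Approval log, else None."""
    topics = log.get("topics", [])
    # ERC-721 Approval shares topic0 but has four topics (indexed tokenId): skip it.
    if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
        return None
    data = log.get("data") or "0x"
    value = int(data, 16) if len(data) > 2 else 0
    owner, spender = ("0x" + t[-40:].lower() for t in topics[1:])
    return log["address"].lower(), owner, spender, value

def risky_approvals(logs, watched_owners, allowed_spenders):
    """Flag non-zero allowances from watched wallets to spenders off the allowlist."""
    watched = {a.lower() for a in watched_owners}
    allowed = {a.lower() for a in allowed_spenders}
    return [{"token": t, "spender": s, "unlimited": v == MAX_UINT256}
            for t, o, s, v in filter(None, map(decode_approval, logs))
            # v == 0 is a revocation (the desired state), so it is not flagged
            if o in watched and s not in allowed and v > 0]

def mk(owner, spender, value, extra=()):  # build one constructed log entry
    return {"address": TOKEN, "data": "0x" + format(value, "064x"),
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender), *extra]}

# Constructed sample logs in eth_getLogs shape.
SAMPLE_LOGS = [
    mk(FEE_WALLET, ROUTER, 10**18),        # expected spender: not flagged
    mk(FEE_WALLET, SWAPPER, MAX_UINT256),  # allowance on the swap executor: flagged
    mk(FEE_WALLET, SWAPPER, 0),            # revocation: not flagged
    mk("0x" + "ee" * 20, SWAPPER, 5),      # wallet outside the watch list
    mk(FEE_WALLET, SWAPPER, 0, [pad(TOKEN)]),  # ERC-721-shaped log (4 topics)
]

if __name__ == "__main__":
    print(risky_approvals(SAMPLE_LOGS, [FEE_WALLET], [ROUTER]))
```

Run against live logs, a check like this alerts only after the approval is mined, so it complements a pre-signing review of the spender address and does not replace it.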