Coinbase (COIN) has admitted to losing about $300,000 in token fees after a serious error involving a 0x Project smart contract. Security researcher Deebeez from Venn Network spotted the issue on Wednesday. He said Coinbase’s corporate wallet approved tokens to a 0x “swapper” contract, a permissionless tool designed to execute swaps but not to receive token approvals.
Elevate Your Investing Strategy:
- Take advantage of TipRanks Premium at 50% off! Unlock powerful investing tools, advanced data, and expert analyst insights to help you invest with confidence.
Approving tokens to this type of contract is risky because anyone can trigger it to perform actions, including transferring assets. In this case, that mistake allowed a maximal extractable value (MEV) bot to drain the approved tokens almost immediately. Deebeez linked the setup to past cases where similar permissions were abused without exploiting any vulnerabilities in the contract code.
MEV Bot Strikes Instantly
Once the approval was granted, the MEV bot acted fast. It called the swapper contract and transferred the tokens from Coinbase’s fee receiver account into its own wallets. Screenshots shared by Deebeez showed approvals for multiple tokens, including Amp, MyOneProtocol, DEXTools, and Swell Network.
The researcher described the incident as an “expensive lesson” for Coinbase, noting that the bot had been waiting for such an opportunity. “Their dream came true thanks to Coinbase,” he wrote. The transfer drained the account of all its tokens in one move.
Coinbase Responds
Coinbase chief security officer Philip Martin confirmed the loss and described it as an “isolated issue” caused by a configuration change in one of the company’s corporate DEX wallets. He stressed that no customer funds were affected. Coinbase quickly revoked the token allowances and moved the remaining corporate funds to a new wallet.
While the amount lost was relatively small compared to Coinbase’s overall holdings, the incident highlights the speed at which automated bots can exploit even minor operational errors. It also underlines the importance of strict approval controls when interacting with permissionless smart contracts.
MEV Exploits on the Rise
This is not the first time MEV bots have been at the center of major losses. In April, one bot lost $180,000 in Ether after an attacker exploited a flaw in its access control system. In another high-profile case in 2023, a rogue validator stole $25 million from MEV bots trying to perform “sandwich trades.”
These incidents show that while MEV bots are built to take advantage of blockchain inefficiencies, they can just as easily become victims. If their interactions are not carefully secured, they can be turned against their owners in a matter of seconds, often with no chance to recover the stolen funds.
Is Coinbase Stock a Good Buy?
While the $300,000 contract error was a setback, Wall Street still sees upside for Coinbase shares. Data from 30 analysts over the past three months gives the stock a Moderate Buy rating, with 14 Buys, 14 Holds, and only two Sells.
The average 12-month COIN price target sits at $367.25, which is about 15.8% higher than the recent price of $317.08.
