Crypto exchange Coinbase lost roughly $300,000 in token fees after a misconfigured interaction with decentralized exchange protocol 0x’s “swapper” contract allowed MEV bots to siphon funds from one of its corporate wallets.

Coinbase’s chief security officer Philip Martin confirmed the mishap and called it an “an isolated issue” tied to a change in one of the exchange’s corporate DEX wallets. He stressed that no customer funds were affected, per an X post.

Security researcher “deeberiroz” of Venn Network first flagged the exploit on Wednesday, saying Coinbase mistakenly approved tokens to the swapper contract — a permissionless tool designed for executing swaps but not intended to hold token allowances.

That setup opened the door for opportunistic MEV bots, which immediately drained the

See Full Page