Coinbase loses $300K after 0x contract error lets MEV bot drain funds

Coinbase lost nearly $300,000 in token fees after mistakenly approving assets to a 0x Project smart contract, allowing a maximal extractable value (MEV) bot to drain the funds.
Deebeez, a security researcher at Venn Network, flagged the incident in a Wednesday post on X. He said Coinbase's corporate wallet had interacted with the 0x "swapper" contract, a permissionless tool designed to perform swaps but not meant to receive token approvals.
Because anyone can call the contract to perform arbitrary actions, granting it approvals can expose assets to immediate theft. "The same swapper is known to have issues with Zora claims on Base," the researcher wrote, linking to previous cases in which malicious actors were able to take funds without exploiting weaknesses in the code.
Screenshots shared by Deebeez showed Coinbase granting approvals for tokens including AMP, MyonEprotocol, Dextools and Swell Network on Wednesday afternoon. Soon after, an MEV bot called the swapper contract to transfer the approved tokens from Coinbase's fee receiver account to its own addresses.
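The condition described above, a live allowance granted to a spender that anyone can drive, can be checked from approval history. The following is an added example, not code from the article, Coinbase or 0x: it replays ERC-20 `Approval` events and reports allowances still outstanding to spenders on a locally maintained risk list. All addresses, token labels, events and the `RISKY_SPENDERS` list are constructed placeholders.

```python
from dataclasses import dataclass

MAX_UINT256 = 2**256 - 1
# Constructed placeholder addresses (not real on-chain values).
FEE_WALLET = "0x" + "aa" * 20
SWAPPER = "0x" + "bb" * 20  # permissionless executor: any caller can drive it
ROUTER = "0x" + "cc" * 20   # ordinary spender, shown for contrast
# Assumption: a locally maintained list of spenders that perform
# arbitrary caller-supplied actions, so an allowance to them is open to anyone.
RISKY_SPENDERS = {SWAPPER}

@dataclass(frozen=True)
class Approval:
    block: int
    log_index: int
    token: str
    owner: str
    spender: str
    value: int

# Constructed sample events, deliberately out of chain order.
SAMPLE_EVENTS = [
    Approval(105, 2, "TKN_B", FEE_WALLET, SWAPPER, 0),            # revocation
    Approval(100, 0, "TKN_A", FEE_WALLET, SWAPPER, MAX_UINT256),  # unlimited
    Approval(101, 0, "TKN_C", FEE_WALLET, ROUTER, 1_000),
    Approval(100, 1, "TKN_B", FEE_WALLET, SWAPPER, 5_000),
]

def live_allowances(events):
    """Replay events in chain order; return {(token, owner, spender): value}.

    The value is an upper bound: transferFrom can lower an allowance without
    an Approval event, so confirm a finding with the token's allowance() call.
    """
    state = {}
    for ev in sorted(events, key=lambda e: (e.block, e.log_index)):
        key = (ev.token, ev.owner.lower(), ev.spender.lower())
        if ev.value == 0:
            state.pop(key, None)   # approve(spender, 0) revokes
        else:
            state[key] = ev.value  # approve() overwrites, it does not add
    return state

def findings(events, risky=RISKY_SPENDERS):
    """List outstanding allowances whose spender is on the risk list."""
    risky = {a.lower() for a in risky}
    return [{"token": t, "owner": o, "spender": s, "unlimited": v == MAX_UINT256}
            for (t, o, s), v in sorted(live_allowances(events).items())
            if s in risky]

if __name__ == "__main__":
    for f in findings(SAMPLE_EVENTS):
        print("REVOKE:", f)
```
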
MEV bot "disturbing in the dark"
Deebeez said the MEV bot that drained the funds from Coinbase was "disturbing in the dark," waiting for users who mistakenly approve the contract so it can drain all their funds. "Their dream came true thanks to Coinbase," the researcher wrote.
The researcher added that the incident, which drained Coinbase's fee receiver account of all its tokens, was an "expensive lesson" for the team.
Coinbase Chief Security Officer Philip Martin confirmed the incident, describing it as an "isolated issue" linked to a change made to one of the exchange's corporate DEX wallets.
"No customer funds are affected," said Martin, who added that Coinbase has revoked the token allowances and transferred the remaining funds to a new corporate wallet.
MEV bot exploit costs $180,000 in Ether
In April, an MEV bot lost $180,000 in Ether (ETH) after an attacker exploited a weakness in its control system. The attack swapped the bot's ETH for a worthless token through a malicious pool created within the same transaction.
In a similar incident in 2023, a rogue validator exploited MEV bots attempting "sandwich trades," stealing $25 million in digital assets, including WBTC (WBTC), USDC (USDC), USDT (USDT), Dai (DAI) and WETH (WETH).