Coinbase Mistakenly Approves Assets to 0x Swapper, Loses $300K


The error occurred after a wallet interacted with a contract not intended to receive token approvals

Coinbase has confirmed it lost roughly $300,000 in tokens after mistakenly granting approvals to a 0x Project smart contract known as the “swapper.” The incident, first flagged by Venn Network security researcher Deebeez, occurred when the exchange’s corporate wallet interacted with the contract, which is designed for executing swaps but is not intended to receive token approvals. Because the swapper contract is permissionless, anyone can trigger it to perform arbitrary actions, making approved assets immediately vulnerable.

According to Deebeez, Coinbase’s fee receiver account approved tokens such as Amp, MyOneProtocol, DEXTools, and Swell Network for the swapper contract on Wednesday afternoon. Shortly after, a maximal extractable value (MEV) bot, which had apparently been monitoring for such approvals, called the contract to transfer the tokens into its own addresses. The researcher described the bot as “lurking” until an opportunity like this arose.

Deebeez noted that the same swapper setup has been linked to previous losses in unrelated cases, including issues with Zora claims on Base. In this incident, Coinbase’s fee receiver account was completely drained of its tokens, which he called a costly operational error.

Philip Martin, Coinbase’s chief security officer, confirmed the error and described it as an isolated issue stemming from a configuration change in one of the exchange’s corporate decentralized exchange wallets. He stressed that no customer assets were at risk and that Coinbase acted quickly to revoke token allowances and move remaining funds to a new wallet.

The loss adds to a series of MEV-related incidents in the crypto space. Earlier this year, a vulnerability in an MEV bot’s access control system cost it $180,000 in Ether, and in 2023, a rogue validator stole $25 million from MEV bots using “sandwich trade” tactics. In Coinbase’s case, the takeaway appears to be that even routine wallet interactions can become high-risk if permissions are misapplied.
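
One way to catch a misapplied approval like the one described above before it is signed, shown as an added example that is not code from Coinbase, 0x or this article: a policy check that decodes ERC-20 allowance calldata and refuses any spender that is not on an allowlist. The allowlist, the helper names and every address are constructed placeholders.

```python
# Added example: pre-signing guard for ERC-20 allowance calls.
# Addresses and the allowlist are constructed placeholders, not real contracts.

APPROVE = bytes.fromhex("095ea7b3")             # approve(address,uint256)
INCREASE_ALLOWANCE = bytes.fromhex("39509351")  # increaseAllowance(address,uint256)
MAX_UINT256 = 2**256 - 1

# Hypothetical allowlist: contracts that are designed to hold allowances.
ALLOWED_SPENDERS = {"0x" + "11" * 20}


def decode_allowance_call(calldata: bytes):
    """Return (spender, amount) for an allowance-granting call, else None."""
    if calldata[:4] not in (APPROVE, INCREASE_ALLOWANCE):
        return None
    args = calldata[4:]
    if len(args) != 64:  # strict: exactly two 32-byte ABI words
        raise ValueError("malformed allowance calldata")
    if any(args[:12]):   # an address occupies the low 20 bytes of its word
        raise ValueError("non-zero padding in address word")
    spender = "0x" + args[12:32].hex()
    amount = int.from_bytes(args[32:64], "big")
    return spender, amount


def check_transaction(calldata: bytes):
    """Return (ok, reason); ok is False when signing should be blocked."""
    try:
        decoded = decode_allowance_call(calldata)
    except ValueError as exc:
        return False, str(exc)
    if decoded is None:
        return True, "not an allowance call"
    spender, amount = decoded
    if amount == 0:
        return True, "zero amount grants nothing"
    if spender not in ALLOWED_SPENDERS:
        return False, f"spender {spender} is not an approved allowance target"
    if amount == MAX_UINT256:
        return False, "unlimited allowance requires manual review"
    return True, "allowance within policy"


def build_call(selector: bytes, spender: str, amount: int) -> bytes:
    """Construct sample calldata for exercising the checks above."""
    return selector + bytes(12) + bytes.fromhex(spender[2:]) + amount.to_bytes(32, "big")
```

The check is fail-closed: calldata that looks like an allowance call but does not decode cleanly is blocked rather than passed through.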
