TLDR
- Coinbase lost $300,000 from a misconfigured contract with the 0x Project.
- MEV bots exploited a token approval mistake, draining Coinbase’s funds.
- Coinbase confirmed the loss was isolated and no customer funds were affected.
- Coinbase revoked token allowances and moved funds to a new corporate wallet.
Coinbase has reportedly lost approximately $300,000 in token fees after interacting with a misconfigured contract from the 0x Project. A blockchain security researcher, known on X (formerly Twitter) as “deeberiroz,” identified the issue on August 13, 2025. The researcher found that Coinbase mistakenly approved tokens for an unintended contract on the 0x decentralized exchange, which led to the loss. The tokens involved included Amp, MyOneProtocol, DEXTools, and Swell Network.
The 0x Project provides a “swapper” contract for decentralized peer-to-peer exchanges. The contract is permissionless, meaning anyone can interact with it. However, the contract is not designed to handle token approvals, making it prone to risks. The security researcher warned that such setups have led to previous issues, such as Zora’s airdrop claims on the Base Layer 2 network.
How MEV Bots Exploited the Token Approval Mistake
According to the researcher’s report, MEV (Maximum Extractable Value) bots were able to exploit Coinbase’s approval mistake.
These bots typically wait for users to approve tokens to a contract and then act quickly to drain the funds. In this case, the bots took advantage of Coinbase’s approval and transferred the tokens to their own addresses.
Looks like @coinbase was recently drained of ~$300,000 after using @0xProject swapper incorrectly.
They approved all the tokens accrued as fees to their router, getting drained immediately by MEV bots 🧵 pic.twitter.com/yWNHl8nupg
— deebeez (@deeberiroz) August 13, 2025
The bots executed the malicious transactions using the 0x swapper contract. Since this contract is permissionless, anyone can interact with it, including malicious actors. The MEV bots seem to have been anticipating such mistakes and, unfortunately, Coinbase’s oversight provided them with an opportunity to execute their plan.
Coinbase Responds to the Issue
Coinbase’s Chief Security Officer (CSO) Philip Martin addressed the incident in a response to the researcher’s findings.
He confirmed that the issue was isolated and resulted from a change made to one of Coinbase’s corporate decentralized exchange (DEX) wallets. Martin reassured users that no customer funds had been affected by the incident.
To mitigate the situation, Coinbase responded by revoking the token allowances linked to the misconfigured contract. The company also moved its funds to a new corporate wallet to prevent further unauthorized transfers. Martin emphasized that Coinbase has taken appropriate steps to prevent such incidents from occurring in the future.
Following the loss, Coinbase is working to improve its security protocols to avoid similar mistakes in the future. The company has already taken immediate action by revoking token allowances and moving funds to a more secure wallet. Coinbase also plans to enhance its internal systems to ensure that such errors do not affect customer funds.
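A wallet operator can audit for the exposure described above by replaying ERC-20 Approval event logs and flagging allowances that are still live toward contracts anyone can call. The Python example below is an added illustration, not code from the article, Coinbase or the 0x Project; it assumes logs in the JSON-RPC eth_getLogs layout, and every address, the spender list and the sample logs are constructed placeholders.

```python
# ERC-20 event: Approval(address indexed owner, address indexed spender, uint256 value)
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"

def topic_to_address(topic):
    """An indexed address is a 32-byte topic; the address is its low 20 bytes."""
    return "0x" + topic[-40:].lower()

def open_allowances(logs, wallet):
    """Replay Approval logs in chain order -> {(token, spender): last approved value}."""
    # Value = last amount approved (an upper bound); confirm with allowance(owner, spender).
    live = {}
    in_order = sorted(logs, key=lambda e: (int(e["blockNumber"], 16), int(e["logIndex"], 16)))
    for log in in_order:
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # other events; ERC-721 Approval has a fourth topic
        if topic_to_address(topics[1]) != wallet.lower():
            continue  # approval granted by some other owner
        key = (log["address"].lower(), topic_to_address(topics[2]))
        value = int(log["data"], 16)
        if value == 0:
            live.pop(key, None)  # approve(spender, 0) revokes
        else:
            live[key] = value
    return live

def risky_allowances(logs, wallet, permissionless_spenders):
    """Live allowances whose spender is a contract that anyone can call."""
    flagged = {s.lower() for s in permissionless_spenders}
    return {k: v for k, v in open_allowances(logs, wallet).items() if k[1] in flagged}

# Constructed sample data: every address below is a placeholder, not a real contract.
WALLET, OTHER = "0x" + "aa" * 20, "0x" + "dd" * 20
SWAPPER, ROUTER = "0x" + "bb" * 20, "0x" + "cc" * 20
TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "22" * 20

def make_log(token, owner, spender, value, block, index):
    pad = lambda addr: "0x" + addr[2:].rjust(64, "0")
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x"), "blockNumber": hex(block), "logIndex": hex(index)}

SAMPLE_LOGS = [
    make_log(TOKEN_B, WALLET, SWAPPER, 0, 105, 0),           # later revocation
    make_log(TOKEN_A, WALLET, SWAPPER, 2**256 - 1, 100, 3),  # unlimited, never revoked
    make_log(TOKEN_B, WALLET, SWAPPER, 500, 101, 1),         # revoked at block 105
    make_log(TOKEN_A, WALLET, ROUTER, 1000, 102, 0),         # spender not on the list
    make_log(TOKEN_A, OTHER, SWAPPER, 7, 103, 0),            # different owner
]
print(risky_allowances(SAMPLE_LOGS, WALLET, [SWAPPER]))  # allowances to revoke
```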