Coinbase Hit by Costly $300K MEV Bot Drain

WikiBit 2025-08-14 21:40

This allowed a maximal extractable value (MEV) bot to drain the funds. The issue was flagged by Venn Network researcher Deebeez, and stemmed from a corporate wallet configuration change that allowed arbitrary token transfers. Coinbase's chief security officer confirmed it was an isolated incident, with no customer funds affected. In a separate case, Ethereum core developer Zak Cole fell victim to a wallet drainer that was embedded in a malicious Cursor AI extension that stole his private key and drained his hot wallet.

MEV Bot Drains $300K From Coinbase

Coinbase suffered a loss of around $300,000 in token fees after mistakenly approving assets to a 0x Project smart contract, which allowed an MEV bot to drain the funds. The incident was first flagged by Deebeez, a security researcher at Venn Network, who revealed in a post on X that Coinbase's corporate wallet interacted with 0x's "swapper" contract. This permissionless tool is designed to execute token swaps, not to receive token approvals, and granting such approvals can leave assets exposed to immediate theft.

Because the swapper contract can be called by anyone to perform arbitrary actions, approvals effectively give malicious actors the green light to move tokens without exploiting any . Deebeez shared that this same contract has previously been linked to issues with Zora claims on Base, which allowed fund extractions through similar setups.
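A defensive counterpart to the mistake described above, as an added example that is not from the article, Coinbase or 0x: a pre-signing check that decodes ERC-20 approve/increaseAllowance calldata and rejects allowances to spenders outside a reviewed allowlist. The allowlist, both addresses and all function names are assumptions constructed for illustration.

```python
# Added example: policy check run before signing a transaction from a corporate wallet.
APPROVE = bytes.fromhex("095ea7b3")             # approve(address,uint256)
INCREASE_ALLOWANCE = bytes.fromhex("39509351")  # increaseAllowance(address,uint256)
MAX_UINT256 = 2**256 - 1

# Constructed placeholder addresses, not real contracts.
REVIEWED = "0x" + "aa" * 20         # spender that passed internal review (assumption)
OPEN_EXECUTOR = "0x" + "bb" * 20    # stands in for a contract anyone can call
ALLOWED_SPENDERS = {REVIEWED}       # hypothetical allowlist


def decode_allowance_call(calldata_hex):
    """Return (spender, amount) if the calldata grants an allowance, else None."""
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    data = bytes.fromhex(raw)
    if len(data) != 68 or data[:4] not in (APPROVE, INCREASE_ALLOWANCE):
        return None
    if any(data[4:16]):  # an ABI address word has 12 zero bytes of padding
        raise ValueError("malformed address word")
    return "0x" + data[16:36].hex(), int.from_bytes(data[36:68], "big")


def check_tx(calldata_hex, allowed=frozenset(ALLOWED_SPENDERS)):
    """Return policy violations for one call; an empty list means it may be signed."""
    decoded = decode_allowance_call(calldata_hex)
    if decoded is None or decoded[1] == 0:  # not an allowance call, or grants nothing
        return []
    spender, amount = decoded
    findings = []
    if spender not in allowed:
        findings.append("spender %s is not on the reviewed allowlist" % spender)
    if amount == MAX_UINT256:
        findings.append("unlimited allowance requested")
    return findings


def build_approve(spender, amount):
    """Build approve() calldata for the constructed samples below."""
    body = APPROVE + bytes(12) + bytes.fromhex(spender[2:]) + amount.to_bytes(32, "big")
    return "0x" + body.hex()


if __name__ == "__main__":
    for spender, amount in [(OPEN_EXECUTOR, MAX_UINT256), (REVIEWED, 10**18), (OPEN_EXECUTOR, 0)]:
        print(spender, amount, check_tx(build_approve(spender, amount)))
```

A zero-amount call passes because it grants nothing, which keeps revocations like the one Coinbase performed afterwards unblocked.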

Screenshots that were shared by the researcher showed Coinbase granting approvals for tokens including Amp, MyOneProtocol, DEXTools, and Swell Network on Wednesday afternoon. Shortly afterward, an MEV bot called the swapper contract and transferred the approved tokens from Coinbase's fee receiver account into its own addresses.

Describing the bot as having been “lurking in the dark” waiting for such a mistake, Deebeez said the incident provided the perfect opportunity for the attacker to act. He added that the loss, which drained the fee receiver account of all its tokens, was an “expensive lesson” for Coinbase.

Coinbase's chief security officer confirmed the event, and called it an "isolated issue" that was caused by a configuration change in one of the exchange's corporate DEX . He made sure to mention that no customer funds were affected, and that Coinbase revoked the token allowances and moved the remaining funds to a new corporate wallet.

have become a lot more common. In April, a bot lost $180,000 in Ethereum after an attacker its access control system, swapping ETH for a worthless token through a malicious pool. In 2023, a rogue validator attempting sandwich trades, and stole $25 million in assets, including WBTC, , USDT, DAI, and .

Wallet Drainer Targets Ethereum Dev

Meanwhile, Ethereum core developer Zak Cole revealed that he was targeted by a crypto wallet drainer linked to a rogue code assistant. In a Tuesday , Cole said that he installed a malicious extension from Cursor AI called "contractshark.solidity-lang," which appeared legitimate with a polished icon, descriptive copy, and over 54,000 downloads.

Unbeknownst to him, the extension secretly read his .env file, extracted his private key, and sent it to an attacker's server. This gave the attacker access to his hot wallet for three days before draining the funds on Sunday.

Cole has been in the crypto space for more than a decade, and said this was the first time he ever lost funds to hackers. The impact was limited to a “few hundred” dollars in Ethereum, as he uses small, project-specific hot wallets for testing and secures his primary holdings on hardware devices. He mentioned that the incident happened when he was rushing to ship a contract, and believes his urgency led to overlooked security checks.

The attack is part of the growing trend in which wallet drainers, which are malware designed to steal crypto assets, are becoming more prevalent. In September of 2024, a on the Google Play store stayed live for over five months, and stole more than $70,000 from investors. Malicious VS Code extensions in particular are emerging as a major attack vector for developers, often using fake publishers and typosquatting to trick users into installing them.

Hakan Unal, senior security operations lead at blockchain security firm Cyvers, advised that developers should thoroughly vet extensions, avoid storing sensitive information in plain text or .env files, use , and work in isolated environments. Adding to the concern, a report from AMLBot in April revealed that wallet drainers are now being . Scammers even rent them for as little as $100 in , making them more accessible than ever.
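To act on the advice about plain-text secrets, the following added example (not from the article or from Cyvers) audits a developer workspace for .env files whose values have the shape of a raw private key or seed phrase, the kind of value the extension above was able to read. The function names, skipped directories and sample file contents are assumptions constructed for illustration.

```python
import os
import re

# 32-byte hex value, optionally 0x-prefixed: the shape of a raw Ethereum private key
# (other 32-byte hex secrets match too, which is acceptable for an audit).
HEX_KEY = re.compile(r"^(?:0x)?[0-9a-fA-F]{64}$")
# 12 or 24 lowercase words of 3-8 letters: the shape of a BIP-39 seed phrase.
MNEMONIC = re.compile(r"^(?:[a-z]{3,8} ){11}(?:(?:[a-z]{3,8} ){12})?[a-z]{3,8}$")


def scan_env_text(text):
    """Return [(line_no, variable, kind)]; the secret value itself is never returned."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        name = name.replace("export ", "", 1).strip()
        value = value.strip().strip("'\"")
        if HEX_KEY.match(value):
            hits.append((no, name, "hex-private-key"))
        elif MNEMONIC.match(value):
            hits.append((no, name, "seed-phrase"))
    return hits


def scan_workspace(root):
    """Scan every file named .env or .env.* under root; return {path: hits}."""
    report = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in ("node_modules", ".git")]
        for fn in filenames:
            if fn == ".env" or fn.startswith(".env."):
                path = os.path.join(dirpath, fn)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = scan_env_text(fh.read())
                if hits:
                    report[path] = hits
    return report


# Constructed sample file contents; the key and phrase are dummies.
SAMPLE_ENV = "\n".join([
    "# deploy settings",
    "RPC_URL=https://rpc.example.invalid",
    "export PRIVATE_KEY=0x" + "ab" * 32,
    'SEED="' + " ".join(["word"] * 12) + '"',
])

if __name__ == "__main__":
    print(scan_env_text(SAMPLE_ENV))
```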
