$300k Vanishes: MEV Bots Exploit Coinbase’s Token Swap Blunder in Broad Daylight
Another day, another crypto heist—only this time, the victim's a $50B exchange.
When Coinbase misconfigured a token swap last week, opportunistic MEV bots pounced like hyenas on a wounded gazelle. The result? A $300k bloodletting—executed in milliseconds by algorithms with no moral compass.
How it went down:
1. The Setup: Coinbase's engineers left arbitrage gaps wide enough to drive a blockchain through.
2. The Takedown: MEV bots—specializing in 'maximal extractable value'—sniffed the weakness and front-ran the trade.
3. The Aftermath: Another 'oops' moment for centralized exchanges pretending they've mastered DeFi's wild west.
Funny how these 'glitches' always seem to benefit someone else's bottom line. Maybe next time, they'll remember: in crypto, even the house isn't safe from the wolves.
MEV Bots Drain Coinbase (Source: X/Deebeez)
As a result of this oversight, the MEV bots drained Coinbase’s fee receiver account of all accumulated tokens.
He added:
“There appears to have been an MEV bot lurking in the dark, waiting for users to mistakenly approve to this contract – and then drain all their funds. Well, their dream came true thanks to Coinbase.”
Coinbase’s response
Coinbase Chief Security Officer Philip Martin confirmed the breach was an isolated event.
According to Martin, the incident stemmed from a recent change to one of the company’s corporate decentralized exchange (DEX) wallets, which led to unauthorized token transfers.
Meanwhile, he stressed that the incident impacted no customer assets.
Martins added that the exchange has since revoked token allowances and moved its holdings to a new corporate wallet to prevent further losses.
This security incident follows an insider-driven data breach that exposed the personal information of nearly 70,000 users.
Coinbase reported that the perpetrators attempted to extort $20 million in Bitcoin. They also used the stolen data to impersonate company staff in sophisticated social engineering schemes, which reportedly led to the theft of millions of dollars.
Since then, Coinbase said it has strengthened its security protocols to prevent future attacks and terminated the employees implicated in the breach.
