Recently, the cryptocurrency space has seen an increase in attacks involving malicious bots and extensions. Coinbase suffered a loss of $300,000, while an Ethereum developer fell victim to theft due to malicious software.
Events Surrounding Coinbase's Losses
Coinbase lost approximately $300,000 through inattention: assets were erroneously approved to a 0x Project smart contract, which allowed an MEV bot to drain the funds. Venn Network researcher Deebeez was the first to report the incident, indicating that a Coinbase corporate wallet had interacted with the "swapper" contract. This contract is meant for executing token swaps, and granting it such approvals opened the door for hackers.
Impending Vulnerabilities and Their Consequences
Any user can call the swapper contract to perform actions, so malicious actors can move tokens approved to it without exploiting any code vulnerability. Researcher Deebeez noted that this incident was an expensive lesson for Coinbase, as the funds were drawn from its fee wallet.
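As an added example (not from the original article, Coinbase or the 0x Project), the Python below replays ERC-20 Approval event logs for a wallet and lists allowances that are still open to spenders on a deny-list of contracts that execute calls for any user. All addresses, the deny-list and the sample logs are constructed placeholders, and log entries are assumed to carry integer `blockNumber` and `logIndex` values.

```python
# Added example: replay ERC-20 Approval logs and flag live allowances to risky spenders.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"

# Constructed placeholder addresses (assumptions, not real contracts or wallets).
WALLET, TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "aa" * 20, "0x" + "bb" * 20
EXECUTOR, ROUTER = "0x" + "ee" * 20, "0x" + "cc" * 20
# Hypothetical deny-list: contracts that run caller-supplied calls for any user.
PERMISSIONLESS_EXECUTORS = {EXECUTOR}

def topic_to_address(topic):
    """Indexed address arguments are left-padded to 32 bytes; keep the low 20."""
    return "0x" + topic[-40:].lower()

def outstanding_allowances(logs):
    """Return {(owner, token, spender): amount} for approvals still non-zero."""
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-20 Approval has 3 topics; ERC-721 reuses the signature with 4.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        key = (topic_to_address(topics[1]), log["address"].lower(),
               topic_to_address(topics[2]))
        state[key] = int(log["data"], 16)  # later events overwrite earlier ones
    return {k: v for k, v in state.items() if v > 0}

def risky_allowances(logs, owner, denylist=PERMISSIONLESS_EXECUTORS):
    """List (token, spender, amount) the owner still grants to deny-listed spenders."""
    deny = {a.lower() for a in denylist}
    return sorted((token, spender, amount)
                  for (o, token, spender), amount in outstanding_allowances(logs).items()
                  if o == owner.lower() and spender in deny)

def make_log(token, owner, spender, amount, block, index):
    """Build a constructed log entry (block and log index already as int)."""
    pad = lambda a: "0x" + "00" * 12 + a[2:]
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x"), "blockNumber": block, "logIndex": index}

SAMPLE_LOGS = [  # constructed sample data, deliberately out of order
    make_log(TOKEN_B, WALLET, EXECUTOR, 0, 105, 1),           # revocation
    make_log(TOKEN_A, WALLET, EXECUTOR, 2**256 - 1, 100, 0),  # unlimited, never revoked
    make_log(TOKEN_B, WALLET, EXECUTOR, 5000, 101, 2),        # revoked at block 105
    make_log(TOKEN_A, WALLET, ROUTER, 1000, 106, 0),          # spender not on deny-list
]

if __name__ == "__main__":
    for token, spender, amount in risky_allowances(SAMPLE_LOGS, WALLET):
        print(f"revoke: token={token} spender={spender} allowance={amount}")
```

Replaying Approval events gives an upper bound, because `transferFrom` can reduce an allowance without emitting an Approval event; confirm each flagged entry with the token's `allowance(owner, spender)` call before and after revoking.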
Attacks on Ethereum Developers
In another case, Ethereum core developer Zak Cole reported that he was targeted by a wallet drainer associated with a rogue code assistant that stole his private key. The extension, presented as an AI assistant, gave the attacker access to Cole's wallet for three days before the funds were drained. This situation once again highlights the growing issue of wallet theft in the cryptocurrency industry.
The increase in attacks on crypto wallets and the role of bots indicate a need for stricter security measures in the sector. These incidents underscore the importance of careful attention to configurations and of vetting installed extensions.