A recent incident led to a $300,000 loss for cryptocurrency exchange Coinbase due to an error related to token permissions in a DEX contract.
Incident Description
Security researcher "deeberiroz" from Venn Network flagged the incident on Wednesday, stating that Coinbase mistakenly approved tokens for the swapper contract—a permissionless tool not intended to hold tokens. This allowed MEV (maximal extractable value) bots to instantly transfer out the funds once approvals went live.
Loss Confirmation
Coinbase's chief security officer Philip Martin confirmed the loss, describing it as 'an isolated issue' tied to a change in a corporate DEX wallet. He emphasized that no customer funds were affected.
Previous Incidents
In May, Coinbase faced a $20 million extortion attempt after cybercriminals recruited overseas customer service contractors to leak user data. The company stated that a small group of support agents hired through third-party vendors had been bribed by external actors to access internal systems.
While the $300,000 hit is minor for Coinbase, the episode highlights how even large exchanges remain vulnerable to targeted automated exploits in the decentralized finance ecosystem.
