Coinbase has reported a loss of about $300,000 due to a vulnerability in its corporate wallet related to the 0x Project smart contract.
Discovery of the Vulnerability
A security researcher from Venn Network, deeberiroz, reported that Coinbase's wallet mistakenly approved tokens for a "swapper" contract. According to the researcher, the tokens involved included ONDO, AMP, SWELL, and others.
"Thanks for flagging. I can confirm this is an isolated issue due to a change we made with one of our corporate DEX wallets, which led to unauthorized transfers. No customer funds were impacted. We’re revoking token allowances and are moving funds to a new corporate wallet." — Philip Martin (@SecurityGuyPhil) August 13, 2025.
What is the 0x Protocol?
Launched in 2016, the 0x Protocol is an open-source, Ethereum-based infrastructure that enables peer-to-peer digital asset trading. It comprises a collection of publicly audited smart contracts that developers can use to create trading applications. The protocol is highly flexible and is utilized by many platforms to pool liquidity and facilitate token swapping.
Consequences of the Incident
In the Coinbase case, MEV bots drained the funds because the exchange had set up its token approvals improperly: the approvals let the bots invoke the swapper contract and carry out unauthorized transfers of the approved tokens. This incident highlights the importance of configuring smart contracts properly in the trading and cryptocurrency sectors.
Thus, the incident involving Coinbase illustrates the complexities and risks associated with utilizing smart contracts and automated trading programs, emphasizing the need for more stringent oversight in this area.
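The approval misconfiguration described above can be caught by auditing a wallet's ERC-20 `Approval` events against an allowlist of expected spenders. The following Python sketch is an added example, not Coinbase's or 0x's code; the addresses, the log entries, and the helper names (`addr`, `topic32`, `make_log`, `audit`) are constructed for illustration, and the log dictionaries are assumed to follow the shape returned by a standard `eth_getLogs` query with numbers already decoded.

```python
# Added example: audit ERC-20 Approval logs for allowances to unexpected spenders.
# Every address and log entry here is constructed sample data.
# keccak256("Approval(address,address,uint256)"):
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**256 - 1

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def outstanding_allowances(logs, owner):
    """Replay Approval logs in chain order; the last value per (token, spender) wins."""
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # ERC-721 Approval shares the hash but has 4 topics
        if topic_to_address(topics[1]) != owner.lower():
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        state[key] = int(log["data"], 16)
    return {k: v for k, v in state.items() if v > 0}

def audit(logs, owner, allowed_spenders):
    """List nonzero allowances granted to spenders outside the allowlist."""
    allowed = {s.lower() for s in allowed_spenders}
    findings = []
    for (token, spender), amount in sorted(outstanding_allowances(logs, owner).items()):
        if spender not in allowed:
            findings.append({"token": token, "spender": spender,
                             "unlimited": amount == UNLIMITED,
                             "fix": "approve(spender, 0)"})
    return findings

def addr(n): return "0x" + f"{n:040x}"
def topic32(n): return "0x" + f"{n:064x}"
def make_log(block, idx, token, owner, spender, amount):
    return {"blockNumber": block, "logIndex": idx, "address": addr(token),
            "topics": [APPROVAL_TOPIC, topic32(owner), topic32(spender)],
            "data": "0x" + f"{amount:064x}"}

OWNER, ROUTER, SWAPPER, TOKEN_X, TOKEN_Y = 0xA1, 0xB2, 0xC3, 0x11, 0x22  # constructed
SAMPLE_LOGS = [
    make_log(100, 0, TOKEN_X, OWNER, ROUTER, 5_000),        # expected, allowlisted spender
    make_log(101, 2, TOKEN_X, OWNER, SWAPPER, UNLIMITED),   # unexpected spender
    make_log(101, 5, TOKEN_Y, OWNER, SWAPPER, UNLIMITED),
    make_log(102, 1, TOKEN_Y, OWNER, SWAPPER, 0),           # later revoked
]

if __name__ == "__main__":
    for f in audit(SAMPLE_LOGS, addr(OWNER), [addr(ROUTER)]): print(f)
```

Approval logs record what was granted, not what remains after `transferFrom` has spent part of it, so confirm each finding with the token's `allowance(owner, spender)` view call before and after revoking.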