Coinbase Hit by Costly $300K MEV Bot Drain
Main Idea
A Coinbase corporate wallet was drained of $300K by an MEV bot due to an approval vulnerability, while an Ethereum developer lost funds to a malicious AI extension.
Key Points
1. A maximal extractable value (MEV) bot exploited a Coinbase corporate wallet's approval to a 0x Project smart contract, draining $300K in tokens.
2. The issue was flagged by Venn Network's security researcher Deebeez, who noted the same contract had prior issues with Zora claims on Base.
3. Coinbase's chief security officer confirmed the incident, stating no customer funds were affected, and moved remaining funds to a new wallet.
4. Ethereum core developer Zak Cole lost funds after installing a malicious AI extension ('contractshark.solidity-lang') that stole his private key.
5. MEV bot exploits are increasing, with past incidents including a $180K Ethereum loss in April and a $25M theft by a rogue validator in 2023.
Description
This allowed a maximal extractable value (MEV) bot to drain the funds. The issue was flagged by Venn Network researcher Deebeez, and stemmed from a corporate wallet configuration change that allowed arbitrary token transfers. Coinbase’s chief security officer confirmed it was an isolated incident, with no customer funds affected. In a separate case, Ethereum core developer Zak Cole fell victim to a wallet drainer that was embedded in a malicious Cursor AI extension that stole his private key and...
Latest News
- Bull Flag Brewing: XRP Holds $3.10 as South Korea’s Deep Pockets Fan the Flames2025-08-14 15:02:32
- Justin Sun Sues Bloomberg Over Confidential Crypto Data Leak Threat2025-08-14 13:19:46
- Coinbase Hit by Costly $300K MEV Bot Drain2025-08-14 13:04:22
- Bitcoin Breaks $124K as Ethereum Nears 2021 High Amid Market Rally2025-08-14 12:59:54
- XRP at a Crossroads: Third Wave Breakout or Bull Trap?2025-08-14 11:08:21