Coinbase Loses $300K to MEV Bot; Ethereum Dev Hit by Drainer
Coinbase accidentally approved token allowances to 0x’s permissionless swapper. A lurking MEV bot exploited the misconfiguration to extract about $300,000 in AMP, MYOP, DEXT and SWELL fees. Coinbase CSO Philip Martin confirmed no customer funds were affected. All allowances were revoked and remaining assets moved to a new corporate wallet.
Shortly after, an Ethereum core developer fell victim to a malicious VS Code extension. The rogue Cursor AI plugin read his .env file, stole his private key and drained a few hundred dollars of ETH from his hot wallet. This wallet drainer attack underlines the growing threat of malware in development tools.
These incidents highlight persistent vulnerabilities in crypto security. Traders should audit token approvals, vet extensions, use hardware wallets and isolate key storage to mitigate MEV bot exploits and wallet drainer malware.
Neutral
In the short term, the loss of $300K in token fees and a minor ETH drain highlight security lapses but are unlikely to trigger large price swings. The affected tokens represent a small market share, and no customer funds were impacted at Coinbase. In the long term, these incidents reinforce the need for stronger permission controls and key management. While they may increase caution among traders, they do not alter fundamentals or token valuations, making the overall market impact neutral.