Coinbase said about $300,000 in token fees were siphoned from one of its corporate wallets after the exchange mistakenly granted unlimited spending approval to the 0x protocol’s “swapper” contract. The misconfiguration allowed maximal-extractable-value bots to detect the permission and immediately drain the wallet, which serves as a fee receiver for the company’s on-chain activities.

Chief Security Officer Philip Martin called the breach an isolated incident linked to a recent change in the wallet’s settings. He stressed that no customer assets were compromised and that Coinbase has revoked the errant token allowances and migrated the firm’s holdings to a new address to prevent further losses.

While the financial impact is immaterial for the $20-billion exchange, the incident highlights how even large, regulated platforms remain exposed to sophisticated on-chain exploits that automatically front-run or reorder transactions when security controls lapse.
Coinbase loses $300k to rogue MEV bots after token swap misconfiguration blunder via @hardeyjumoh https://t.co/VDQwqDrUie
GMX finalizes $44 million plan to compensate GLP holders affected by recent hack https://t.co/7QC124Kw9x
JUST IN: COINBASE LOSES $300K TO MEV BOTS DUE TO 0X SWAPPER ERROR. CSO SAYS NO CUSTOMER FUNDS AFFECTED, TOKEN ALLOWANCES REVOKED. Source: @Cointelegraph https://t.co/PZdH8if6P9 https://t.co/Xi91c7TAvO