Coinbase MainnetSettler Approve Bug Hold Token Theft 2

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Revision as of 15:42, 27 August 2025 by Azoundria (talk | contribs) (Created page with "{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/coinbasemainnetsettlerapprovebugholdtokentheft2.php}} {{Unattributed Sources}} thumb|Coinbase Building/LogoCoinbase, a major cryptocurrency platform known for its security and broad user base, had a second repeat of a previous vulnerability in their Mainnet Settler smart contract, which led to an exploit. A wallet which has approved permissions on this contract all...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Notice: This page is a freshly imported case study from an original repository. While the original content had a similar format, some sections may not have been fully completed. Please help fill in any empty sections or any missing information you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Coinbase Building/Logo

Coinbase, a major cryptocurrency platform known for its security and broad user base, had a second repeat of a previous vulnerability in their Mainnet Settler smart contract, which led to an exploit. A wallet which has approved permissions on this contract allowed an attacker to execute a malicious transferFrom call, stealing Hold tokens valued at over $291,000. The exploit was identified and reported by TenArmor, who advised users to revoke approvals to the contract. As of now, Coinbase has not publicly acknowledged the incident, and it remains uncertain whether the affected user will recover the lost funds or if Coinbase will provide compensation.[1][2][3][4][5][6]

About Coinbase

Coinbase is a secure and user-friendly platform that facilitates the buying, selling, and storage of cryptocurrencies like Bitcoin and Ethereum. Designed to serve both beginners and experienced investors, it has become one of the most widely used cryptocurrency exchanges in the United States.

Since its founding in 2012, Coinbase has grown into a leading platform in the crypto space. It supports a wide range of services, including basic crypto investing, advanced trading tools, institutional custodial accounts, and a standalone wallet for individual users. It also launched its own U.S. dollar-backed stablecoin to enhance crypto transactions.

Trusted by approximately 73 million verified users, 10,000 institutions, and 185,000 partners across more than 100 countries, Coinbase plays a key role in the global crypto ecosystem. Fully regulated and licensed (except in Hawaii), Coinbase began with Bitcoin trading but has since expanded to support a variety of cryptocurrencies that meet its decentralized standards.

About MainnetSettler Contract

The MainnetSettler smart contract is a smart contract on the Ethereum blockchain. The name indicates that it's called "Settler V1.6". This smart contract appears to interact and handle main ethereum chain events.

The Reality

Unfortunately, the Mainnet Settler smart contract was launched with mistaken approvals being set, which allowed funds to be accessed and removed.

What Happened

A vulnerability in the Mainnet Settler smart contract allowed an attacker to stealHold tokens worth an estimated $300,000.

Key Event Timeline - Coinbase MainnetSettler Approve Bug Hold Token Theft 2
Date Event Description
August 13th, 2025 9:15:00 PM MDT TenArmor Posts Tweet TenArmor - "It appears that @coinbase #Coinbase: Fees on #ETH was attacked (mostly by bots), resulting in approximately a loss of $300k due to mistaken approvals to the #MainnetSettler contract." - Twitter/X

Technical Details

The issue was reportedly possible "due to mistaken approvals to the #MainnetSettler contract."

This is likely a repeat of the November issue where a victim "had an approval for #Hold token to the #MainnetSettler contract, which allowed arbitrary calls to be executed by anyone. As a result, the attacker managed to gain ... #Hold tokens as profit by executing a transferFrom call."

MainnetSettler Contract: 0x70bf6634eE8Cb27D04478f184b9b8BB13E5f4710

Total Amount Lost

Losses were reported as a total of $300k across multiple attacks.

The total amount lost has been estimated at $300,000 USD.

Immediate Reactions

So far, the only third party to officially recognize this exploit appears to have been TenArmor. There is no indication that Coinbase has publicly recognized the exploit. There may be private communication that is not known.

Ultimate Outcome

There is limited publicly available information. The outcome of any recovery is unknown and it is also unclear how aware Coinbase is of the situation.

Total Amount Recovered

It is unclear if Coinbase will cover the loss for the affected wallet. It appears that most of the losses were caused by MEV bots, which would suggest that the prospects for recovery are very good for the exchange.

The total amount recovered is unknown.

Ongoing Developments

The ultimate outcome and any information which will be made available is unknown at this point.

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. TenArmor - "It appears that @coinbase #Coinbase: Fees on #ETH was attacked (mostly by bots), resulting in approximately a loss of $300k due to mistaken approvals to the #MainnetSettler contract." - Twitter/X (Accessed Aug 15, 2025)
  2. MainnetSettler Token Transactions - Etherscan (Accessed Aug 15, 2025)
  3. Coinbase Homepage (Accessed Jun 20, 2025)
  4. Mainnet Settler Smart Contract - Etherscan (Accessed Aug 15, 2025)
  5. Dev Engine Oz - "Some extremely abnormal behaviour going on with $saito erc20 purchases on #uniswap currently. Some big clips coming in and immediately transferring the tokens to another wallet. Could this be an exchange wallet?" - Twitter/X (Accessed Aug 15, 2025)
  6. Agent Argus - "Recent Transaction Amount: 33 $USDC Chain: ETHEREUM" - Twitter/X (Accessed Aug 15, 2025)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Coinbase_MainnetSettler_Approve_Bug_Hold_Token_Theft_2&oldid=6909"