Makina Finance Loses $4.13M in Flash Loan Exploit On Curve Pool
Makina Finance suffered a flash mortgage exploit on January 20, ensuing in a lack of $4.1 million.
The attacker leveraged MEV bots to front-run transactions, which allowed them to empty 1,299 ETH from the protocol.
Details of the Breach
Blockchain safety agency PeckShieldAlert reported on X that Makina Finance was exploited for about 1,299 ETH, value round $4.13 million. On-chain knowledge exhibits the attacker focused the Dialectic USD/USDC Stableswap pool by manipulating its worth.
According to CertiKAlert, the breach started with the hacker borrowing a flash mortgage of 280 million USDC. Using 170 million USDC, they proceeded to control the MachineShareOracle, which the DUSD/USDC pool depends on for pricing. The attacker then swapped 110 million USDC via the pool, extracting roughly $5 million in worth.
A MEV bot, working from deal with 0xa6c2, front-ran the transaction, executing a sequence of fast trades that drained about 1,299 ETH from the pool. The stolen funds have been later moved to 2 addresses, with 0xbed2 holding about $3.3 million and 0x573d retaining $880,000.
Makina Finance has since addressed the scenario through their social media, stating,
“Gmak, early this morning we acquired experiences concerning an incident with the $DUSD Curve pool.”
The agency’s workforce clarified that the difficulty is proscribed solely to its DUSD liquidity supplier positions on Curve, with no indicators that different belongings or deployments are affected. The workforce additionally confirmed the security of the underlying belongings saved in the machines.
As a precaution, safety mode has been activated throughout all machines whereas the workforce continues to evaluate the scenario. Liquidity suppliers in the DUSD Curve pool have additionally been suggested to withdraw their funds.
Elsewhere, CyversAlerts has flagged suspicious transactions involving SynapLogic on Base. Reports indicate that the hacker was initially funded via Tornado Cash on Ethereum earlier than bridging funds to Base utilizing GasZip and later acquired about 144,000 SYP tokens.
However, SynapLogic later confirmed that the difficulty has been totally resolved, stating that its methods are working usually and that every one consumer funds stay secure.
Truebit Update
The episode comes barely every week following the primary main DeFi hack of 2026. The Truebit Protocol lately experienced a safety breach, ensuing in the lack of roughly $26.5 million in ETH. Investigations discovered that the hacker had taken benefit of a vulnerability in the good contract’s pricing logic, which allowed them to mint TRU tokens without charge.
Following the exploit, the challenge’s workforce introduced that it was investigating the scenario. At the time of writing, no official restoration plan has been introduced, and the exploited funds stay on-chain.
Meanwhile, on-chain safety corporations like SlowMist and Certik have printed post-mortems, warning that outdated Solidity variations stay a systemic danger in DeFi. The former advisable that such methods needs to be protected utilizing the SafeMath library to forestall logic vulnerabilities brought on by integer overflows.
The put up Makina Finance Loses $4.13M in Flash Loan Exploit On Curve Pool appeared first on CryptoPotato.
