Makina Finance lost $4.13m in flash loan curve pool.

The attacker used a 280 million USDC flash loan and verbal inducements to extract nearly $5 million.

Makina Finance suffered a flash loan exploit on January 20, resulting in a loss of $4.1 million.

The attacker hijacked the MEV bots' forward transactions, allowing them to withdraw 1,299 ETH from the protocol.

Details of the violation

Blockchain security firm PeckShieldAlert reported on X that Makina Finance was mined for around 1,299 ETH, which is around $4.13 million. According to on-chain data, the attacker targeted the Dialectic USD/USDC Stableswap pool by manipulating its price.

According to CertiKAlert, the breach began when the hacker took out a $280 million flash loan. Using 170 million USDC, the DUSD/USDC pool started to set up the MachineShare Oracle trust for value. The striker then exchanged $110 million in the pool, netting nearly $5 million.

The MEV bot, operating from address 0xa6c2, took the lead in the transaction, executing a series of quick transactions to spend 1,299 ETH from the pool. The stolen funds were later transferred to two addresses, 0xbed2 containing $3.3 million and 0x573d containing $880,000.

Makina Finance disclosed the situation through their social media,

“Gmak, we received reports of an incident on the $DUSD curve pool this morning.”

The company's team explained that the issue was limited to DUSD's liquidity supply curve, with no indication of other assets or deployments. The team also ensured the security of the underlying assets stored in the machines.

You may also like:

As a precaution, security mode is enabled on all machines while the team continues to assess the situation. Liquidity providers in the DUSD Curve pool have been advised to withdraw their funds.

Elsewhere, CyberAlert has flagged suspicious transactions involving SynapLogic on Base. Reports indicate that the hacker first used Tornado Cash in Ethereum funding to Base GasZip before and after connecting funds to about 144,000 SYP tokens.

However, SynapLogic later confirmed that the problem had been fully resolved, that the systems were operating normally and that all user funds remained safe.

Update Truebit

The show comes in 2018. The first major DeFi hack in 2026 is just one week away. The Trubit protocol recently suffered a security breach, resulting in a loss of approximately $26.5 million in ETH. Investigations revealed that the hacker exploited a vulnerability in the smart contract's pricing logic, which allowed them to generate TRU tokens at no cost.

Following the exploit, the project team announced that it was investigating the situation. At the time of writing, no official recovery plan has been announced and the exploited funds remain on-chain.

Meanwhile, on-chain security companies such as SlowMist and Certik have published postmortems, suggesting that outdated versions of Solidity remain a systemic threat in DeFi. It is recommended that such systems be secured using the SafeMaths library to prevent logic vulnerabilities caused by prime integer overflows.