Makina Finance suffered a flash loan exploit on January 20, resulting in a loss of $4.1 million.

The attacker leveraged MEV bots to front-run transactions, which allowed them to drain 1,299 ETH from the protocol.

Details of the Breach

Blockchain security firm PeckShieldAlert reported on X that Makina Finance was exploited for about 1,299 ETH, worth around $4.13 million. On-chain data shows the attacker targeted the Dialectic USD/USDC Stableswap pool by manipulating its price.

According to CertiKAlert, the breach began with the hacker borrowing a flash loan of 280 million USDC. Using 170 million USDC, they proceeded to manipulate the MachineShareOracle, which the DUSD/USDC pool relies on for pricing. The attacker then swapped 110 million USDC through the pool, extracting roughly $5 million in value.

A MEV bot, operating from address 0xa6c2, front-ran the transaction, executing a series of quick trades that drained about 1,299 ETH from the pool. The stolen funds were later moved to two addresses, with 0xbed2 holding about $3.3 million and 0x573d retaining $880,000.

Makina Finance has since addressed the situation via their social media, stating,

“Gmak, early this morning we received reports regarding an incident with the $DUSD Curve pool.”

The firm’s team clarified that the issue is limited only to its DUSD liquidity provider positions on Curve, with no signs that other assets or deployments are affected. The team also confirmed the safety of the underlying assets stored in the machines.

As a precaution, security mode has been activated across all machines while the team continues to assess the situation. Liquidity providers in the DUSD Curve pool have also been advised to withdraw their funds.

Elsewhere, CyversAlerts has flagged suspicious transactions involving SynapLogic on Base. Reports indicate that the hacker was initially funded through Tornado Cash on Ethereum before bridging funds to Base using GasZip and later acquired about 144,000 SYP tokens.

However, SynapLogic later confirmed that the issue has been fully resolved, stating that its systems are operating normally and that all user funds remain safe.

Truebit Update

The episode comes barely a week following the first major DeFi hack of 2026. The Truebit Protocol recently experienced a security breach, resulting in the loss of approximately $26.5 million in ETH. Investigations found that the hacker had taken advantage of a vulnerability in the smart contract’s pricing logic, which allowed them to mint TRU tokens at no cost.

Following the exploit, the project’s team announced that it was investigating the situation. At the time of writing, no official recovery plan has been announced, and the exploited funds remain on-chain.

Meanwhile, on-chain security companies like SlowMist and Certik have published post-mortems, warning that outdated Solidity versions remain a systemic risk in DeFi. The former recommended that such systems should be protected using the SafeMath library to prevent logic vulnerabilities caused by integer overflows.

The post Makina Finance Loses $4.13M in Flash Loan Exploit On Curve Pool appeared first on CryptoPotato.