Exploit Details
Makina Finance, a decentralized finance protocol, has been targeted in a sophisticated smart contract exploit resulting in the loss of approximately $5 million from one of its stablecoin pools. The incident, which occurred earlier this week, involved a hacker utilizing a 280 million USDC flash loan to manipulate the system and drain funds. CertiK Alert reported on the exploit, highlighting the intricate nature of the attack.
The breach specifically impacted Makina Finance’s DUSD/USDC Curve stablecoin pool. According to CertiK's analysis, the attacker first borrowed 280 million USDC. Subsequently, 170 million USDC was used to manipulate the MachineShareOracle, a critical component for pricing within the pool. This manipulation allowed the attacker to trade 110 million USDC against the pool, which contained roughly $5 million, thereby extracting the stolen assets.
Various blockchain security firms have reported differing estimates for the total amount stolen. GoPlus Security estimates the loss at $5.1 million, while PeckShield places the figure at around $4.13 million in Ether. Notably, a significant portion of the stolen funds, $4.14 million, was captured by an MEV builder, as confirmed by CertiK.
#CertiKInsight 🚨 We have seen an exploit on @makina; the Dialectic USD/USDC Stableswap pool has been manipulated and drained for approximately $5M, with the majority, $4.14M, going to an MEV builder address. https://t.co/rgLjDVuqzD Stay Vigilant!
— CertiK Alert (@CertiKAlert) January 20, 2026
Makina Finance's Response and Impact
Makina Finance, a platform offering institutional-grade strategy vaults, had not initially confirmed the exploit through its official communication channels. The protocol's team initially responded on Discord, acknowledging awareness of the reports but refraining from confirming the loss. Later, they issued a more detailed statement indicating that the attack appeared to be limited to liquidity provider (LP) positions on Curve and advised affected users to withdraw their funds.
Despite the recent breach, Makina Finance maintains a substantial total value locked (TVL) of $100.49 million, according to data from DefiLlama. The protocol, which launched earlier in 2025, has been gaining traction within the decentralized finance (DeFi) space.
Broader Implications for DeFi Security
This exploit highlights the persistent vulnerabilities within the decentralized finance sector. Makina Finance's communication and response to the incident have drawn attention from the crypto community and security experts. The increasing sophistication of such attacks underscores the ongoing challenges in securing decentralized systems.
The DeFi space has experienced numerous similar exploits in recent years. Security firms consistently warn about the rising risks associated with smart contract vulnerabilities and oracle manipulations. As blockchain technology continues to evolve, so do the methods employed by malicious actors, emphasizing the critical need for platforms to continuously strengthen their security protocols to safeguard user assets.
Makina Finance's situation serves as a potent reminder of the necessity for constant vigilance in the decentralized finance landscape. As the industry matures, incidents like these underscore the paramount importance of robust security measures and transparent communication in fostering and maintaining user trust and confidence.