Makina Finance, a decentralized finance platform, recently faced a complex security breach involving smart contracts. Blockchain security firm CertiK reported that approximately $5 million was siphoned from one of the platform’s stablecoin pools. The attack, which manipulated the price oracle, was executed using a high-volume flash loan. This incident is part of a broader trend in 2025, marked by increasing crypto security violations.
Sophisticated Attack Mechanism
According to CertiK, the attacker targeted the DUSD/USDC Curve stablecoin pool of Makina Finance. The operation commenced with a flash loan of 280 million USDC. About 170 million USDC was used to create a temporary imbalance in the MachineShareOracle, which was tied to the pool’s pricing. Following this manipulation, the attacker exchanged the remaining 110 million USDC within the substantial pool, depleting most of its assets, valued at approximately $5 million.
Different security firms have reported varying estimates of the attack’s financial impact. GoPlus Security calculated the loss at around $5.1 million, whereas PeckShield mentioned the withdrawn assets were equivalent to $4.13 million in ETH. A key point highlighted in CertiK’s report was the intervention of an MEV builder during the transactions, which seized a significant portion of the funds. Around $4.14 million was captured by the MEV infrastructure, edging out the attacker.
Makina Finance, established in February 2025, offers institutional-grade strategy vaults and operates as a DeFi execution engine. According to DefiLlama, the platform held a total locked asset value of $100.49 million at the time of the incident.
Swift Response by Makina Finance
Following the attack, Makina Finance did not immediately confirm the breach through its official X or Telegram channels. The first communication emerged on their Discord server on Tuesday morning, acknowledging public chatter while verifying the details. A second message, dispatched roughly two hours later, noted the issue appeared confined to DUSD liquidity provider positions on Curve, advising liquidity providers to withdraw their funds. However, an explicit admission of the loss was absent.
The attack aligns with a pattern of rising incidents within the crypto sector throughout 2025. Chainalysis reported over $3.41 billion in crypto thefts this year, with North Korean-linked actors being notable contributors, claiming an unprecedented $2.02 billion share.
The Makina Finance incident underscores the ongoing systemic risk posed by large-scale flash loan operations within DeFi protocols heavily reliant on oracles.