Ethereum DeFi platform Makina Finance lost 1,299 ETH, valued at approximately $4.1 million, on January 20. The loss occurred after hackers manipulated price oracles on its DUSD-USDC liquidity pool hosted on Curve Finance.
An MEV builder frontran the attack and captured the majority of the stolen funds, complicating recovery efforts for the yield management protocol, which launched in February 2025.
Blockchain security firm PeckShield first detected the exploit at 03:40:35 UTC. The attacker converted stolen tokens into ETH across two wallets, which currently hold the assets.
What Happened
The attacker initiated the exploit by borrowing a flash loan of 280 million USDC. They then utilized 170 million USDC to manipulate the MachineShareOracle, which is responsible for determining prices for the Dialectic USD and Dialectic USDC stablecoin pool.
Following the artificial inflation of pool prices, the attacker traded 110 million USDC against the manipulated pool. This allowed them to drain 1,299 ETH before repaying the flash loan.
PeckShield confirmed that the attack exploited a price manipulation vulnerability. The perpetrator added liquidity immediately before inflating prices and then withdrew their funds with profits.
However, an MEV builder address, starting with 0xa6c2, frontran the transaction that drained the pool. This MEV builder captured approximately $4.14 million of the stolen funds.
Current Status
The stolen ETH is currently held in two separate Ethereum addresses. Wallet 0xbed2...dE25 holds assets valued at $3.3 million, while wallet 0x573d...910e contains $880,000.
Makina Finance has activated security mode on all its smart vaults. The platform has also advised DUSD Curve pool liquidity providers to withdraw any remaining funds.
The protocol confirmed that the exploit exclusively affected DUSD liquidity provider positions on Curve. Other assets and deployments on the platform remain unaffected by this incident.
Security firms including PeckShield, ExVul, and TenArmor have issued advisories urging users to revoke smart contract permissions. They also recommended avoiding interaction with Makina contracts until the investigation is complete.
DeFi Security Context
Flash loan exploits continue to be a prevalent threat in the decentralized finance space, despite ongoing improvements in security measures. This is evidenced by incidents such as decentralized exchange Bunni losing $8.4 million in October 2025 and Shibarium suffering a $2.4 million attack in September.
However, data from Chainalysis indicates that DeFi hack losses remained suppressed throughout 2025. This occurred even as the total value locked in DeFi reached $119 billion, marking a departure from historical patterns where increased capital influxes typically correlated with a rise in attacks.
In 2025, total cryptocurrency theft reached $3.4 billion. The focus of these attacks shifted, with a greater emphasis on centralized exchanges and personal wallets rather than DeFi protocols.