
Makina Finance Loses $4.13M in Flash Loan Exploit On Curve Pool

The attacker used a 280 million USDC loan and oracle manipulation to extract an estimated $5 million.

Makina Finance was exploited on January 20, resulting in a loss of $4.1 million.

The attacker used MEV bots in the front-running transaction, which allowed them to extract 1,299 ETH from the protocol.

Details of the Breach

Blockchain security company PeckShieldAlert reported on X that Makina Finance was hacked for about 1,299 ETH, worth about $4.13 million. On-chain data shows an attacker targeting the Dialectic USD/USDC Stableswap pool by manipulating its price.

According to CertiKAlert, the breach started with the hacker taking out a flash loan of 280 million USDC. Using 170 million USDC, they manipulated the MachineShareOracle, which the DUSD/USDC pool relies on for pricing. The attacker then swapped 110 million USDC in the pool, withdrawing an estimated $5 million in value.

The MEV bot, operating from the address 0xa6c2, front-ran the exploit, making a series of quick trades that pulled about 1,299 ETH from the pool. The stolen funds were later moved to two addresses, with 0xbed2 holding approximately $3.3 million and 0x573d holding $880,000.

Makina Finance addressed the incident on social media, saying,

“Gmak, this morning we received reports about an incident with the $DUSD Curve pool.”

The company’s team clarified that the problem is limited to DUSD liquidity provider positions on Curve, with no indication that other assets or deployments were affected. The team also gave assurances that the underlying assets held in the Machines are safe.

As a precaution, security mode has been activated on all machines while the team continues to assess the situation. Liquidity providers to the DUSD Curve pool have also been advised to withdraw their funds.

Elsewhere, CyversAlerts has flagged suspicious transactions involving SynapLogic on Base. Reports indicate that the hacker was initially funded via Tornado Cash on Ethereum before bridging the funds to Base using GasZip, and later received 144,000 SYP tokens.

However, SynapLogic later confirmed that the problem has been fully resolved, saying that its systems are working normally and that all user funds remain safe.

Truebit update

The episode comes just a week after the biggest DeFi hack of 2026. Truebit Protocol recently suffered a security breach, resulting in the loss of approximately $26.5 million in ETH. The investigation found that the hacker took advantage of a vulnerability in the smart contract's pricing logic, which allowed them to mint TRU tokens for free.

After the exploit, the team announced that it is investigating the situation. At the time of writing, no official recovery plan has been announced, and the exploited funds remain active.

Meanwhile, on-chain security companies such as SlowMist and CertiK published post-mortem analyses, warning that outdated versions of Solidity remain a systemic risk to DeFi. The former recommended that such contracts be protected using the SafeMath library to prevent vulnerabilities caused by integer overflow.
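The overflow risk behind that recommendation, as an added illustration that is not from the original article or from any protocol's code: a Python model of 256-bit EVM arithmetic comparing unchecked multiplication (Solidity before 0.8 without SafeMath) with a SafeMath-style checked multiply. The quadratic pricing formula, `RATE` and the sample amounts are constructed assumptions.

```python
UINT256_MAX = 2**256 - 1
WAD = 10**18   # 18-decimal fixed-point scale
RATE = 3       # constructed price coefficient (assumption for this example)

class Revert(Exception):
    """Stands in for an EVM revert."""

def wrapping_mul(a: int, b: int) -> int:
    # Solidity < 0.8 without SafeMath: the product silently wraps mod 2**256.
    return (a * b) & UINT256_MAX

def safe_mul(a: int, b: int) -> int:
    # Same check SafeMath.mul performs: divide the wrapped product back out.
    if a == 0:
        return 0
    c = (a * b) & UINT256_MAX
    if c // a != b:
        raise Revert("SafeMath: multiplication overflow")
    return c

def mint_cost(amount: int, mul) -> int:
    # Hypothetical pricing rule: cost = amount^2 * RATE / WAD.
    return mul(mul(amount, amount), RATE) // WAD

def demo() -> dict:
    normal = 1_000 * WAD   # constructed ordinary purchase
    huge = 2**128          # constructed amount whose square is exactly 2**256
    results = {
        "normal_unchecked": mint_cost(normal, wrapping_mul),
        "normal_checked": mint_cost(normal, safe_mul),
        "huge_unchecked": mint_cost(huge, wrapping_mul),  # wraps to zero cost
    }
    try:
        mint_cost(huge, safe_mul)
        results["huge_checked"] = "accepted"
    except Revert:
        results["huge_checked"] = "reverted"
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Both multipliers agree on ordinary inputs; only the checked version rejects the amount that would otherwise be priced at zero.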
