Makina Finance Hit by Flash‑Loan Exploit, Losing Over $4.1M as Curve Pool Is Drained

21-Jan-2026 Crypto Economy

TL;DR

An attacker drained 1,299 ETH from the DUSD/USDC pool by manipulating the price oracle.
MEV bots intercepted the original transaction to execute offensive arbitrage operations.
The team activated security mode and confirmed that underlying assets remain safe.

The year 2026 begins with a new security incident for the DeFi sector, as a flash loan exploit on Makina Finance was confirmed this January 20. According to reports from security firms such as PeckShield and CertiK, the protocol lost approximately 1,299 ETH, equivalent to about $4.13 million.

Gmak, early this morning we received reports regarding an incident with the $DUSD Curve pool

At this stage, the issue appears to be isolated to DUSD LP positions on Curve. There is currently no indication that other assets or deployments are affected.

Underlying assets held in…
— Makina (@makinafi) January 20, 2026

The attack directly targeted the Dialectic USD/USDC Stableswap pool within the Curve platform. The perpetrator initiated the operation by obtaining a 280 million USDC flash loan, using a substantial portion to manipulate the price oracle upon which the pool depends.

Subsequently, the attacker executed massive swaps that allowed them to extract a value close to $5 million. However, a Maximum Extractable Value (MEV) bot detected the maneuver and managed to front-run the transactions, capturing a large portion of the drained funds.

Technical Analysis and Security Team Response

The stolen funds are currently distributed across two Ethereum addresses, while authorities and on-chain analysts track the attacker’s steps. For its part, Makina Finance issued a statement clarifying that the issue is exclusively limited to DUSD liquidity positions on Curve.

#PeckShieldAlert @makinafi has been exploited for ~1,299 $ETH (~$4.13M).

The hacker was frontrun by MEV Builder (0xa6c2…).

The stolen funds are currently held in 2 addresses:
0xbed2…dE25 ($3.3M) & 0x573d…910e ($880K) pic.twitter.com/Q5WzHpfq7j
— PeckShieldAlert (@PeckShieldAlert) January 20, 2026

Fortunately, the technical team assured that there are no signs that other assets or protocol deployments were compromised during the incident. As an immediate precautionary measure, security mode was activated across all its “machines” to prevent further damage.

This new security incident occurs just one week after the multi-million dollar Truebit Protocol hack, underlining the persistent risks in decentralized finance. Experts from SlowMist and CertiK warn that the use of outdated Solidity versions continues to represent a systemic threat to the entire crypto ecosystem.

In summary, liquidity providers in the affected pool have been instructed to withdraw their funds immediately to mitigate risks. Meanwhile, the development team continues to assess the damage and work on a comprehensive recovery plan for users affected by this attack.

Also read: PancakeSwap Community Approves CAKE Max Supply Cut To 400 Million

About Author Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nunc fermentum lectus eget interdum varius. Curabitur ut nibh vel velit cursus molestie. Cras sed sagittis erat. Nullam id ante hendrerit, lobortis justo ac, fermentum neque. Mauris egestas maximus tortor. Nunc non neque a quam sollicitudin facilisis. Maecenas posuere turpis arcu, vel tempor ipsum tincidunt ut.