On January 20, Makina Finance suffered a significant breach involving a flash loan exploit, leading to a loss of approximately $4.1 million.

The attacker leveraged a flash loan of 280 million USDC and manipulated transaction prices, extracting nearly $5 million in value from the Dialectic USD/USDC Stableswap pool.

Incident Details

According to blockchain security firm PeckShieldAlert, the exploit drained 1,299 ETH from Makina Finance. The attacker initiated the breach by borrowing the substantial flash loan and using 170 million USDC to manipulate the MachineShareOracle, which the pool utilizes for pricing. Subsequently, they swapped 110 million USDC, facilitating the drainage of funds through strategic trades executed by a MEV bot.

The diverted funds were moved to two different addresses, with one holding around $3.3 million and the other retaining approximately $880,000. Makina Finance acted swiftly, notifying its community of the theft through social media, confirming that the issue was isolated to the DUSD liquidity positions on Curve and that all other assets remained secure.

Community Response

As a precaution, Makina Finance has activated security measures across all systems and advised affected liquidity providers to withdraw their assets from the Curve pool as investigations continue.

In an October 1st statement, the firm addressed the situation, confirming:

“Gmak, early this morning we received reports regarding an incident with the $DUSD Curve pool.”
(Translation: “Hello, earlier this morning we received reports about an incident involving the $DUSD Curve pool.”)

Related Incidents

This breach follows the recent exploit of the Truebit Protocol, which lost $26.5 million due to vulnerabilities in its pricing logic. On-chain security analysts warn that outdated Solidity versions pose continuing risks within DeFi ecosystems. Safety measures such as the SafeMath library have been recommended to mitigate potential vulnerabilities.