Ethereum-based DeFi platform Makina Finance has lost 1,299 ETH, worth around $4 million, after hackers successfully manipulated prices on one of its USDC liquidity pools.
According to PeckShield and other blockchain security firms, the perpetrator(s) carried out the exploit by taking out a flash loan for $280 million in USDC, and then using $170 million of it to manipulate the MachineShareOracle that determines prices for the Dialectic USD (DUSD) and Dialectic USDC (DUSDC) liquidity pool.
The actor then traded $110 million on the pool, before draining it of over 1,000 ETH.
“Basically, the root cause of the bug is a classic price manipulation issue,” said a spokesperson for PeckShield, speaking to Decrypt.
PeckShield explained that the token price for the DUSD-DUSDC liquidity pool is calculated via the platform’s spot prices, which were manipulated by the flash loan.
The spokesperson added, “The hacker in essence adds liquidity right before the hack, next inflates the price, and after that withdraws the LP with profit.”
However, despite successfully manipulating the price, the transaction which drained the liquidity pool was frontrun by an MEV builder, which received the vast majority of the stolen funds.
PeckShield’s spokesperson says that this “provides a better choice in getting the stolen funds back,” although there has so far been no indication that Makina has identified or reached out to the MEV builder involved.
In a tweet, Makina said that the exploit was isolated to its DUSD-DUSDC pool on Curve, and that underlying assets held on its platform “remain unaffected.”
The firm has activated the security mode on all its smart vaults (dubbed ‘Machines’) as it assesses the situation, while advising liquidity providers in the DUSD Curve pool to remove any remaining liquidity.
It will determine next steps, and provide updates as and when they are available.
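The spot-price weakness PeckShield describes above can be shown with a short Python sketch. This is an added example, not code from Makina, Curve or PeckShield. It assumes a simplified constant-product pool, constructed reserves, and a hypothetical `GuardedOracle` that refuses to serve a price when spot deviates from a time-weighted average of earlier blocks.

```python
# Added illustration: a constant-product pool (x*y=k) stands in for the real
# pool, whose invariant differs. All names and reserve figures are constructed.
from collections import deque

class Pool:
    def __init__(self, usdc, dusd):
        self.usdc, self.dusd = float(usdc), float(dusd)

    def spot_price(self):
        """USDC per DUSD, read from current reserves (movable within one block)."""
        return self.usdc / self.dusd

    def swap_usdc_in(self, amount):
        """Sell USDC into the pool; returns DUSD out (no fee, for simplicity)."""
        k = self.usdc * self.dusd
        self.usdc += amount
        out = self.dusd - k / self.usdc
        self.dusd -= out
        return out

class GuardedOracle:
    """Serves a price only if spot stays near a time-weighted reference."""
    def __init__(self, window=10, max_deviation=0.02):
        self.samples = deque(maxlen=window)  # caller records one price per block
        self.max_deviation = max_deviation

    def record_block(self, pool):
        self.samples.append(pool.spot_price())

    def twap(self):
        return sum(self.samples) / len(self.samples)

    def read(self, pool):
        spot, ref = pool.spot_price(), self.twap()
        if abs(spot - ref) / ref > self.max_deviation:
            raise ValueError(f"spot {spot:.4f} deviates from TWAP {ref:.4f}")
        return ref

def demo():
    pool = Pool(usdc=5_000_000, dusd=5_000_000)  # constructed reserves
    oracle = GuardedOracle()
    for _ in range(10):                          # ten quiet blocks
        oracle.record_block(pool)
    honest = oracle.read(pool)                   # spot matches TWAP: served
    pool.swap_usdc_in(170_000_000)               # large trade inside one block
    skewed_spot = pool.spot_price()              # what a spot-only oracle reports
    try:
        oracle.read(pool)
        rejected = False
    except ValueError:
        rejected = True                          # guard refuses the skewed price
    return honest, skewed_spot, rejected
```

A spot-only oracle would report the skewed figure to anything valuing LP shares in that block, while the guarded read fails closed until the price history catches up or the pool rebalances.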
DeFi and flash loan exploits
Flash loan exploits are now relatively common in the DeFi sector, with decentralized exchange Bunni shutting down in October after such an attack drained it of $8.4 million.
Similarly, layer-two network Shibarium suffered a flash loan attack in September that resulted in the theft of $2.4 million in tokens.
However, data from Chainalysis indicate that the DeFi sector as a whole is becoming comparatively more secure against hacks, with the intelligence company finding that DeFi hack losses remained relatively low in 2025, even as TVL on DeFi platforms regained former highs.