Article updated on 02/20/2026 with the latest information provided by the Makina Finance team
TL;DR
- An attacker drained 1,299 ETH from the DUSD/USDC pool by manipulating the price oracle.
- MEV bots intercepted the original transaction to execute offensive arbitrage operations.
- The team activated security mode and confirmed that underlying assets remain safe.
The year 2026 begins with a new security incident for the DeFi sector, as a flash loan exploit on Makina Finance was confirmed this January 20. According to reports from security firms such as PeckShield and CertiK, the protocol lost approximately 1,299 ETH, equivalent to about $4.13 million.
The attack directly targeted the Dialectic USD/USDC Stableswap pool within the Curve platform. The perpetrator initiated the operation by obtaining a 280 million USDC flash loan, using a substantial portion to manipulate the price oracle upon which the pool depends.
Subsequently, the attacker executed massive swaps that allowed them to extract a value close to $5 million. However, a Maximum Extractable Value (MEV) bot detected the maneuver and managed to front-run the transactions, capturing a large portion of the drained funds.
Technical Analysis and Security Team Response
The stolen funds are currently distributed across two Ethereum addresses, while authorities and on-chain analysts track the attacker’s steps. For its part, Makina Finance issued a statement clarifying that the issue is exclusively limited to DUSD liquidity positions on Curve.
Fortunately, the technical team assured that there are no signs that other assets or protocol deployments were compromised during the incident. As an immediate precautionary measure, security mode was activated across all its “machines” to prevent further damage.
This new security incident occurs just one week after the multi-million dollar Truebit Protocol hack, underlining the persistent risks in decentralized finance. Experts from SlowMist and CertiK warn that the use of outdated Solidity versions continues to represent a systemic threat to the entire crypto ecosystem.
In summary, liquidity providers in the affected pool have been instructed to withdraw their funds immediately to mitigate risks. Meanwhile, the development team continues to assess the damage and work on a comprehensive recovery plan for users affected by this attack.
Situation Update
The Makina Finance team was kind enough to contact Crypto Economy to give us an overview of the latest news regarding the efforts they are making to recover the funds. According to the company, this is the current situation after the incident:
Recovery Stats:
- $3.65M+ recovered and distributed to affected users
- 89% of users have fully recovered their assets within a week of the incident
- Remaining users (11%) will be made 100% whole with Makina’s Restitution Plan, including a revenue-share mechanism by both Dialectic and Makina
- 920 ETH returned by MEV builder less a 10% bounty under white hat Safe Harbor
- 157 ETH returned by Rocket Pool validator
- 229,963 USDC recovered from post-exploit arbitrage
Protocol is back to normal operations and fully operational since January 26 (within a week of the incident)
