Ethereum DeFi Platform Makina Hit by Flash Loan Exploit, Loses $4M in ETH

In brief Ethereum-based DeFi platform Makina Finance has lost over $4 million in ETH following a flash loan exploit. Most of the funds are not in the hacker’s possession, with an MEV builder frontrunning the transaction that drained Makina. While flash loans were a recurring event in 2025, the DeFi sector as a whole witnessed a decline in losses last year, according to Chainalysis. Ethereum -based DeFi platform Makina Finance has lost 1,299 ETH, worth around $4 million, after hackers successfully manipulated prices on one of its USDC liquidity pools. According to PeckShield and other blockchain security firms , the perpetrator(s) caused the exploit by issuing a flash loan for $280 million in USDC, and then harnessing $170 million of this to manipulate the MachineShareOracle that determines prices for the Dialectic USD (DUSD) and Dialectic USDC (DUSDC) liquidity pool. #PeckShieldAlert @makinafi has been exploited for ~1,299 $ETH (~$4.13M). The hacker was frontrun by MEV Builder (0xa6c2...). The stolen funds are currently held in 2 addresses: 0xbed2...dE25 ($3.3M) & 0x573d...910e ($880K) pic.twitter.com/Q5WzHpfq7j — PeckShieldAlert (@PeckShieldAlert) January 20, 2026 The actor then traded $110 million on the pool, before draining it of over 1,000 ETH. “Basically, the root cause of the bug is a classic price manipulation issue,” said a spokesperson for PeckShield, speaking to Decrypt . PeckShield explained that the token price for the DUSD-DUSDC liquidity pool is calculated via the platform’s spot prices, which were manipulated by the flash loan. The spokesperson added, “The hacker in essence adds liquidity right before the hack, next inflates the price, and after that withdraws the LP with profit.”  However, despite successfully manipulating the price, the transaction which drained the liquidity pool was frontrun by an MEV builder, which received the vast majority of the stolen funds. PeckShield’s spokesperson says that this “provides a better choice in getting the stolen funds back,” although there has so far been no indication that Makina has identified or reached out to the MEV builder involved. In a tweet , Makina said that the exploit was isolated to its DUSD-DUSDC pool on Curve, and that underlying assets held on its platform “remain unaffected.” Gmak, early this morning we received reports regarding an incident with the $DUSD Curve pool At this stage, the issue appears to be isolated to DUSD LP positions on Curve. There is currently no indication that other assets or deployments are affected. Underlying assets held in… — Makina (@makinafi) January 20, 2026 The firm has activated the security mode on all its smart vaults (dubbed ‘Machines’) as it assesses the situation, while advising liquidity providers in the DUSD Curve pool to remove any remaining liquidity. It will determine next steps, and provide updates as and when they are available. DeFi and flash loan exploits Flash loan exploits are now relatively common in the DeFi sector, with decentralized exchange Bunni shutting down in October after such an attack drained it of $8.4 million. Similarly, layer-two network Shibarium suffered a flash loan attack in September that resulted in the theft of $2.4 million in tokens. However, data from Chainalysis indicate that the DeFi sector as a whole is becoming comparatively more secure against hacks, with the intelligence company finding that DeFi hack losses remained relatively low in 2025, even as TVL on DeFi platforms regained former highs.476,145,737.1 Daily Debrief Newsletter Start every day with the top news stories right now, plus original features, a podcast, videos and more. Your Email Get it! Get it!