Decentralized finance protocol Makina Finance has become the latest project to suffer a major security breach, after attackers drained roughly $5 million from one of its stablecoin liquidity pools. The incident was first reported by blockchain security firm CertiK, which traced the loss to a sophisticated smart contract exploit involving a large flash loan.
According to CertiK’s analysis, the attack took place on Tuesday and targeted Makina Finance’s DUSD/USDC Curve stablecoin pool. The exploiter began by taking out a flash loan worth 280 million USDC. From that amount, about 170 million USDC was used to manipulate the oracle responsible for pricing within the pool. Once the oracle was skewed, the attacker swapped the remaining 110 million USDC against a pool that held roughly $5 million in assets, effectively draining it.
#CertiKInsight 🚨
— CertiK Alert (@CertiKAlert) January 20, 2026
We have seen an exploit on @makina; the Dialectic USD/USDC Stableswap pool has been manipulated and drained for approximately $5M, with the majority, $4.14M, going to an MEV builder address.https://t.co/rgLjDVuqzD
Stay Vigilant!
Makina Finance launched its DeFi execution engine in February 2025 and markets itself as offering institutional-grade strategy vaults. Data from DefiLlama shows the protocol currently holds approximately $100.49 million in total value locked, making the exploit significant but not existential for the platform.
Other blockchain security firms reported slightly different estimates of the losses. GoPlus Security placed the damage at around $5.1 million, while PeckShield estimated losses of about $4.13 million, measured in ether. CertiK also noted an unusual twist following the exploit: a maximal extractable value (MEV) builder reportedly captured the majority of the stolen funds, seizing roughly $4.14 million in the process.
Makina Finance has yet to formally confirm the exploit on its official X or Telegram channels. However, the team acknowledged the situation in its Discord server early Tuesday, stating it was “aware of posts circulating about a potential incident” and was still verifying details. Around two hours later, a follow-up message suggested the issue “appears to be isolated to DUSD LP positions on Curve” and advised liquidity providers to withdraw funds as a precaution. The update did not explicitly confirm that assets had been lost.
🚨 DeFi asset management protocol Makina Finance (@makinafi) has been exploited
— GoPlus Security 🚦 (@GoPlusSecurity) January 20, 2026
⁰Its DUSD/USDC #CurveStable pool suffered a loss of approximately $5.1M USDC 💥💰
Attacker address:⁰0x935bfb495E33f74d2E9735DF1DA66acE442ede48
Exploit transaction:⁰https://t.co/f6xJFrtcLb… pic.twitter.com/C0s8a3e14R
The incident adds to a growing list of high-profile DeFi exploits and comes during a year marked by elevated levels of crypto-related theft. A recent report from Chainalysis estimates that cryptocurrency theft surpassed $3.41 billion in 2025 alone. North Korea-linked actors were identified as the most prolific threat group, accounting for a record $2.02 billion in stolen funds.
Security experts have repeatedly warned that oracle manipulation and flash loan-based attacks remain among the most common and difficult threats facing DeFi protocols. Even projects with sizable liquidity and advanced infrastructure can be vulnerable if pricing mechanisms are not sufficiently protected against extreme, short-term market distortions.
As Makina Finance continues to investigate the incident, the broader DeFi sector is once again reminded of the importance of rigorous smart contract audits, real-time monitoring, and transparent communication during security events.
