MakinaFi lost approximately 1,299 ETH (~$4.1M) in an exploit that took place on jan. 20. The attacker used flash loans and on‑chain price manipulation against a DUSD/USDC Curve pool, while an MEV builder intercepted part of the flow and captured a small profit.
The incident exposes persistent risks in complex stablecoin liquidity pools and the adversarial role of MEV in transaction ordering, and has left users and compliance teams seeking clarity on remediation and compensation.
As per on‑chain analysis and security firm reports, the attacker executed a flash‑loan sequence borrowing capital from lending protocols such as Aave and Morpho, then routed rapid swaps across Curve and Uniswap to distort the DUSD/USDC pool price. The attacker repaid the flash loans inside the same atomic transaction while extracting value from the pool.
An MEV builder — identified on‑chain by the prefix 0xa6c2 — detected the exploiter’s lucrative transaction and frontran parts of the flow, pocketing roughly 0.13 ETH. Stolen funds were moved into at least two Ethereum addresses: 0xbed2…dE25 (approximately $3.3M) and 0x573d…910e (approximately $880K), according to the same chain data.
Security, product and compliance implications
The exploit highlights three recurring weaknesses in DeFi products: composability that amplifies risk across protocols, reliance on atomic flash‑loan mechanics that permit large short‑term leverage, and the unpredictable behavior of MEV actors who can profit even from other attackers.
MakinaFi has suspended contract interactions and, as of the last on‑chain reports, has not published a technical post‑mortem or a compensation plan — a gap that elevates reputation and counterparty risk for users and institutional counterparties.
The incident is separate from a CertiK‑flagged activity involving Synap Logic minting loops, which involved a different contract pattern and 193 suspicious transactions; both events nevertheless underline varied attack vectors that compliance and security teams must monitor concurrently.
Investors and product teams are now focused on MakinaFi’s forthcoming technical breakdown and any mitigation or compensation measures. The protocol’s post‑mortem will be the key test of its governance, recovery procedures and whether on‑chain traceability can meaningfully support fund recovery or legal follow‑up. Until then, traders and custodians will likely reassess exposure to complex stablecoin pools and tighten monitoring of flash‑loan and MEV activity.
