The Makina Finance platform, operating on the Ethereum network, has been victim of a flash loan exploit during this Tuesday’s trading session. According to the firm PeckShield, the attacker managed to steal 1,299 ETH, valued at approximately 4 million dollars at the present time, by manipulating prices in a liquidity pool after issuing a massive asset credit.
The incident began when the perpetrator requested a 280 million USDC loan, using much of this capital to alter the native price oracle system. By distorting the MachineShareOracle, which determines the values of the DUSD-DUSDC pair, the attacker managed to execute highly profitable trades on the platform, draining the protocol’s reserves and seriously compromising its overall financial stability.
After artificially inflating the value of the assets, the hacker proceeded to withdraw their stake, obtaining an illicit profit of one thousand stolen Ether units. However, an MEV builder managed to frontrun the final transaction, retaining the vast majority of the funds stolen from the network in two addresses that are currently under close supervision by blockchain security experts.
Technical vulnerabilities and price manipulation in liquidity pools
The technical vulnerability lies in the way the system calculates the pool price, relying exclusively on spot prices from the internal market. In this way, by injecting massive liquidity just before the attack, the malicious actor was able to inflate asset valuations, allowing them to withdraw their capital with a disproportionate profit margin that directly affected other protocol users.
Due to the nature of cryptocurrencies, on-chain transactions allowed for the identification that the root cause was an internal security failure. Meanwhile, Makina Finance has decided to activate security mode on its smart vaults, recommending that liquidity providers remove their funds from the Curve ecosystem immediately to prevent any further monetary losses from occurring within the platform.
This event evokes other similar attacks, such as the closure of the Bunni exchange in October, which lost over 8 million dollars due to an exploit. Likewise, the Shibarium network faced an identical problem in September, where attackers stole millions of tokens in a similar way, demonstrating that oracle security remains a critical challenge for all current decentralized developers.
Despite the recurring flash loan exploit in the sector, recent data suggests a greater technical maturity within the global cryptographic industry. Although the sector has seen a decrease in total losses, this event highlights the fragility of decentralized financial oracles, especially when faced with coordinated attacks that take advantage of temporary market liquidity to destabilize protocols.
What measures will Makina Finance take to protect user assets?
Currently, the development team is evaluating the economic damage, seeking to establish direct communication with the MEV builder involved. Since they were frontrun by this bot, there is a real possibility of recovering the stolen digital assets, provided an agreement is reached for the return of capital that legitimately belongs to all Makina Finance users.
On the other hand, the company has ensured that the underlying assets in other machines remain safe, maintaining the integrity of the unaffected smart contracts. However, the market watches with caution, hoping that the implementation of better audits and rigorous technical controls manages to prevent future incidents that compromise investor confidence in these modern finance protocols and platforms.
Finally, the community awaits a resolution that allows for the restoration of liquidity for the affected pair without harming minority depositors. As the situation evolves, it remains clear that price oracle robustness is fundamental for success, which is why protocols must adopt much more advanced security solutions to avoid these scenarios from repeating in the future.
