Share this article

Makina loses $4.1 million in exploit tied to price-feed manipulation

An attacker used flash loans to manipulate pricing data in Makina’s DUSD/USDC Curve pool, draining more than $4 million before MEV bots captured part of the haul.

By Shaurya Malwa|Edited by Nikhilesh De

Updated Jan 20, 2026, 2:49 p.m. Published Jan 20, 2026, 11:35 a.m.

Make us preferred on Google

Under a low-light red lamp, a pair of hands types on a keyboard. (Wesley Tingey/Unsplash+)

What to know:

Makina, a decentralized finance protocol, suffered a $4.13 million exploit after attackers drained its DUSD/USDC liquidity pool on Curve by manipulating a pricing oracle.
The attacker used a 280 million USDC flash loan, deploying about 170 million USDC to distort Makina’s MachineShareOracle and then swapping roughly 110 million USDC against a pool with only about $5 million in liquidity.
Makina, which has about $100 million in total value locked, said the incident was confined to the DUSD Curve pool and urged liquidity providers to withdraw funds while it investigates.

Makina, a decentralized finance protocol focused on automated execution, suffered a $4.13 million exploit early Tuesday after attackers drained its DUSD/USDC liquidity pool on Curve, according to blockchain security firms PeckShield and CertiK.

PeckShield said the attacker siphoned roughly 1,299 ether from the pool by exploiting a pricing oracle used by Makina’s non-custodial liquidity providers.

STORY CONTINUES BELOW

Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters

By signing up, you will receive emails about CoinDesk products and you agree to our terms & conditions and privacy policy.

The oracle, which feeds external price data to smart contracts, was manipulated mid-transaction, allowing the attacker to withdraw funds at an artificially favorable rate.

CertiK said the exploit began with a large flash loan, a type of uncollateralized borrowing that must be repaid within a single transaction. The attacker borrowed about 280 million USDC, using roughly 170 million of it to interfere with Makina’s MachineShareOracle, which reports share prices to the Curve pool.

By briefly injecting capital, the attacker was able to skew the oracle’s reported prices. Once the pool began trusting the inflated values, the attacker swapped around 110 million USDC against a pool that held only about $5 million in liquidity, draining it almost entirely.

1/ The exploiter flashloaned 280M USDC, used 170M to manipulate MachineShareOracle that the DUSD/USDC pool depends on, and traded 110M on the ~$5M pool to drain it. pic.twitter.com/QAEF25K3AC
— CertiK Alert (@CertiKAlert) January 20, 2026

Makina, which launched last February and markets itself as an institutional-grade DeFi execution engine, has about $100 million in total value locked, according to DeFiLlama. The team said the exploit was limited to the DUSD Curve pool and did not affect the broader protocol.

In a statement on X, Makina urged liquidity providers to withdraw funds from the affected pool while the team investigates and said further updates would follow.

Makina Flash Loans cyber attacks