A major Makina Finance exploit has resulted in a loss of approximately $4.2 million (around 1300 ETH). The attacker used flash loans to manipulate the price oracles of an existing DUSD and USDC liquidity pool, then exploited the manipulated price against the unbalanced pool.

The Makina Finance Exploit: How the Sophisticated Oracle Manipulation Unfolded
The price oracle manipulation was executed with significant complexity. According to an analysis by the blockchain auditing/security firm CertiK, the attacker borrowed $280 million USDC via a flash loan in a single transaction. Of that amount, $170 million was used to create an artificial price feed for the MachineShare Oracle, which the liquidity pool used to determine the fair value of its assets.
With the oracle reporting a distorted, significantly higher value, the attacker was able to sell $110 million USDC against the $5 million pool before repaying the flash loan, all within one block.
The sophistication of this plan shows how vulnerable price oracles can be to manipulation, especially with stablecoin pairs, in a decentralized finance (DeFi) setting.
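The defensive side of the sequence above, as an added example that is not code from Makina, Curve or CertiK: a same-block deviation check that refuses a spot price far from a per-block reference average. The constant-product pool model, the 2.5M/2.5M reserves, the 2% threshold and all class and function names are assumptions made for illustration; only the $170 million input and the $5 million pool size come from the article.

```python
from dataclasses import dataclass, field

@dataclass
class Pool:
    """Toy constant-product pool (assumption; not Curve's stableswap invariant)."""
    dusd: float
    usdc: float

    def spot_price(self) -> float:
        return self.usdc / self.dusd  # USDC per DUSD, read straight from reserves

    def swap_usdc_in(self, amount: float) -> float:
        k = self.dusd * self.usdc  # invariant preserved by the swap
        self.usdc += amount
        out = self.dusd - k / self.usdc
        self.dusd -= out
        return out  # DUSD paid out

@dataclass
class GuardedOracle:
    """Hypothetical guard: per-block average reference plus a circuit breaker."""
    max_deviation: float = 0.02  # assumed 2% tolerance
    samples: list = field(default_factory=list)  # (block, price), one per block

    def record(self, block: int, price: float) -> None:
        # Keep only the first observation of each block, so trades made
        # later in the same block cannot move the reference.
        if not self.samples or self.samples[-1][0] != block:
            self.samples.append((block, price))

    def reference(self) -> float:
        return sum(p for _, p in self.samples) / len(self.samples)

    def checked_price(self, spot: float) -> float:
        ref = self.reference()
        if abs(spot - ref) / ref > self.max_deviation:
            raise ValueError(f"spot {spot:.2f} deviates from reference {ref:.4f}")
        return spot

def simulate() -> dict:
    pool = Pool(dusd=2_500_000, usdc=2_500_000)  # constructed $5M pool
    oracle = GuardedOracle()
    for block in range(100, 110):  # ten quiet blocks build the reference
        oracle.record(block, pool.spot_price())
    before = pool.spot_price()
    pool.swap_usdc_in(170_000_000)  # size of the reported distorting leg
    oracle.record(109, pool.spot_price())  # same block as last sample: ignored
    after = pool.spot_price()
    try:
        oracle.checked_price(after)
        rejected = False
    except ValueError:
        rejected = True
    return {"before": before, "after": after,
            "reference": oracle.reference(), "rejected": rejected}
```

In this model the spot reading jumps from 1.0 to roughly 4761 inside one block while the reference stays at 1.0, so a consumer that uses `checked_price` rejects the reading instead of valuing assets with it.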

MEV Builder Capture Complicates the Aftermath
In an even rarer turn of events, a secondary capture occurred following the exploit. During the incident, a Maximal Extractable Value (MEV) builder (an entity that bundles user transactions for miners) captured $4.14 million of the stolen funds. Although this means the original attacker may not receive the full value from the hack, it has also made fund recovery more convoluted.
So far, the protocol development team has been very slow in responding. The team first posted information about the incident on Discord and urged liquidity providers on the DUSD Curve to withdraw their funds, but there has been no clear indication of the loss or the expected recovery plan. Later, they posted another announcement about the incident on X, stating “the issue appears to be isolated to DUSD LP positions on Curve. There is currently no indication that other assets or deployments are affected.”
The silence surrounding the incident causes considerable stress for users because there are now two identifiable wallets containing the stolen ETH, reflecting a serious breakdown in crisis communications.