
Makina Finance DeFi Protocol Breached for $5 Million
Hackers breached Makina Finance, extracting $5 million from a stablecoin pool, CertiK reported.
Hackers have breached the decentralized project Makina Finance, extracting approximately $5 million from a stablecoin pool, according to CertiK.
We have seen an exploit on @makina; the Dialectic USD/USDC Stableswap pool has been manipulated and drained for approximately $5M, with the majority, $4.14M, going to an MEV builder address. https://t.co/rgLjDVuqzD
Stay Vigilant!
— CertiK Alert (@CertiKAlert) January 20, 2026
The attack was facilitated by oracle manipulation. Using a flash loan of 280 million USDC, the perpetrator artificially altered price data in the MachineShareOracle, which the protocol relied upon.
As a result, the DUSD/USDC pool on the Curve platform was drained by cybercriminals.
The majority of the stolen assets ($4.14 million) were ultimately intercepted by an MEV builder.
Makina’s developers stated they are “aware of the potential incident” and are conducting an investigation. They noted that the issue affected only the DUSD liquidity provider positions on Curve.
Gmak, early this morning we received reports regarding an incident with the $DUSD Curve pool
At this stage, the issue appears to be isolated to DUSD LP positions on Curve. There is currently no indication that other assets or deployments are affected.
Underlying assets held in…
— Makina (@makinafi) January 20, 2026
“As a precautionary measure, all Machines have been put into safe mode while we continue to assess the situation. We strongly advise liquidity providers in the DUSD Curve pool to withdraw their funds,” the team wrote.
The team did not specify the size of the losses.
Experts from GoPlus Security estimated the losses at $5.1 million, while PeckShield reported the theft of 1299 ETH ($4.1 million).
Makina Finance is an engine for executing DeFi strategies, launched in February 2025. The protocol claims to offer institutional strategic vaults.
At the time of the incident, the platform’s TVL was $100 million.

A New Approach
Daejun Park, a senior security researcher at a16z crypto, urged the DeFi sector to embed protection directly into the code.
The shift would rest on standardized specifications that limit what a protocol is permitted to do and automatically roll back any transaction that violates predefined assumptions of “correct behavior.”
“Almost every known attack would have been thwarted at the execution stage by such checks. This means a shift from the old paradigm of ‘code is law’ to a new one: ‘law is specification’,” the expert emphasized.
The relevance of the proposal is underscored by hacking statistics: according to SlowMist, in 2025 hackers stole over $649 million through code vulnerabilities. Even time-tested protocols like Balancer lost hundreds of millions of dollars.
However, this approach has drawbacks. Head of security at Immunefi, Gonçalo Magalhães, noted in a comment to DL News that additional checks will increase gas costs—potentially deterring users seeking low fees.
He stated that invariant checks are a great strategy but not a “silver bullet,” as they cannot account for unforeseen attack vectors.
Another issue is the complexity of correctly setting up such defenses. Co-founder of Asymmetric Research, Felix Wilhelm, emphasized that creating an effective invariant in practice is extremely difficult.
“For many vulnerabilities and real attacks, it is difficult or even impossible to develop an invariant that would reliably catch a breach without blocking legitimate operations in normal mode,” he explained.
Such checks also often only limit damage or serve as a signal to the team but do not completely stop the breach.
Despite the barriers, some protocols have already implemented this practice. The Solana lending protocol Kamino and the developers of the XRP Ledger use invariant checks to ensure the integrity of their complex systems and to protect against as-yet-undiscovered bugs.
It is worth noting that Immunefi CEO Mitchell Amador concluded that nearly 80% of cryptocurrency projects cease to exist after major attacks.
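The execution-time invariant check with automatic rollback discussed in this section, modelled in Python as an added example; it is not code from Makina, a16z crypto or any protocol named in the article. The `Vault` model, the `deposit` and `revalue` steps and the 0.5% `MAX_MOVE_BPS` bound are assumptions chosen for illustration.

```python
"""Per-transaction invariant guard on a constructed vault model (illustrative)."""
from dataclasses import dataclass

SCALE = 10**6        # fixed-point scale for the share price
MAX_MOVE_BPS = 50    # assumed policy: price may move at most 0.5% inside one transaction


class InvariantViolation(Exception):
    """The transaction broke the specification; none of its effects are kept."""


@dataclass(frozen=True)
class Vault:
    assets: int   # value the price feed attributes to the vault
    shares: int   # shares outstanding

    @property
    def share_price(self) -> int:
        return self.assets * SCALE // self.shares


def deposit(v: Vault, amount: int) -> Vault:
    # Shares are minted at the current price, so the price itself should not move.
    minted = amount * SCALE // v.share_price
    return Vault(v.assets + amount, v.shares + minted)


def revalue(v: Vault, new_assets: int) -> Vault:
    # The reported asset value changes while the share count stays the same.
    return Vault(new_assets, v.shares)


def check_invariants(before: Vault, after: Vault) -> None:
    if after.assets < 0 or after.shares <= 0:
        raise InvariantViolation("negative balance or no shares")
    move_bps = abs(after.share_price - before.share_price) * 10_000 // before.share_price
    if move_bps > MAX_MOVE_BPS:
        raise InvariantViolation(f"share price moved {move_bps} bps in one transaction")


def execute(v: Vault, steps):
    """Apply steps to a copy, checking after each one; commit only if every check holds."""
    after = v
    try:
        for step in steps:
            after = step(after)
            check_invariants(v, after)   # compare against the pre-transaction state
    except InvariantViolation as err:
        return v, f"reverted: {err}"     # rollback: the caller keeps the old state
    return after, "committed"
```

With these constructed numbers a genuine 1% revaluation is reverted as well, which is the tuning difficulty Wilhelm describes: a bound tight enough to stop a large swing also blocks some legitimate operations.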