{"id":93324,"date":"2026-01-20T12:54:07","date_gmt":"2026-01-20T09:54:07","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=93324"},"modified":"2026-01-20T12:55:23","modified_gmt":"2026-01-20T09:55:23","slug":"makina-finance-defi-protocol-breached-for-5-million","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/makina-finance-defi-protocol-breached-for-5-million\/","title":{"rendered":"Makina Finance DeFi Protocol Breached for $5 Million"},"content":{"rendered":"<p>Hackers have breached the decentralized project Makina Finance, extracting approximately $5 million from a <a href=\"https:\/\/forklog.com\/en\/news\/what-are-stablecoins\">stablecoin<\/a> pool, according to CertiK.\u00a0<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/CertiKInsight?src=hash&#038;ref_src=twsrc%5Etfw\">#CertiKInsight<\/a> \ud83d\udea8<\/p>\n<p>We have seen an exploit on <a href=\"https:\/\/twitter.com\/makina?ref_src=twsrc%5Etfw\">@makina<\/a>; the Dialectic USD\/USDC Stableswap pool has been manipulated and drained for approximately $5M, with the majority, $4.14M, going to an MEV builder address.<a href=\"https:\/\/t.co\/rgLjDVuqzD\">https:\/\/t.co\/rgLjDVuqzD<\/a><\/p>\n<p>Stay Vigilant!<\/p>\n<p>\u2014 CertiK Alert (@CertiKAlert) <a href=\"https:\/\/twitter.com\/CertiKAlert\/status\/2013473512116363734?ref_src=twsrc%5Etfw\">January 20, 2026<\/a><\/p><\/blockquote>\n<p>The attack was facilitated by oracle manipulation. 
Using a <a href=\"https:\/\/forklog.com\/en\/news\/what-are-flash-loans\">flash loan<\/a> of 280 million <a href=\"https:\/\/forklog.com\/en\/news\/what-is-the-usdc-stablecoin\">USDC<\/a>, the perpetrator artificially altered price data in the MachineShareOracle, which the protocol relied upon.<\/p>\n<p>As a result, the DUSD\/USDC pool on the Curve platform was drained by cybercriminals.\u00a0<\/p>\n<p>The majority of the stolen assets ($4.14 million) were ultimately intercepted by an <a href=\"https:\/\/forklog.com\/en\/news\/what-is-mev-in-ethereum\">MEV<\/a> builder.<\/p>\n<p>Makina&#8217;s developers stated they are &#8220;aware of the potential incident&#8221; and are conducting an investigation. They noted that the issue affected only the DUSD liquidity provider positions on Curve.\u00a0<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Gmak, early this morning we received reports regarding an incident with the <a href=\"https:\/\/twitter.com\/search?q=%24DUSD&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$DUSD<\/a> Curve pool<\/p>\n<p>At this stage, the issue appears to be isolated to DUSD LP positions on Curve. There is currently no indication that other assets or deployments are affected.<\/p>\n<p>Underlying assets held in\u2026<\/p>\n<p>\u2014 Makina (@makinafi) <a href=\"https:\/\/twitter.com\/makinafi\/status\/2013502372505624608?ref_src=twsrc%5Etfw\">January 20, 2026<\/a><\/p><\/blockquote>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>&#8220;As a precautionary measure, all Machines have been put into safe mode while we continue to assess the situation. 
We strongly advise liquidity providers in the DUSD Curve pool to withdraw their funds,&#8221; the team wrote.\u00a0<\/em><\/p>\n<\/blockquote>\n<p>They did not specify the damage.<\/p>\n<p>Experts from GoPlus Security <a href=\"https:\/\/x.com\/GoPlusSecurity\/status\/2013489216865603751\">estimated<\/a> the losses at $5.1 million, while PeckShield <a href=\"https:\/\/x.com\/PeckShieldAlert\/status\/2013468943193645085\">reported<\/a> the theft of 1299 ETH ($4.1 million).\u00a0<\/p>\n<p>Makina Finance is an engine for executing <a href=\"https:\/\/forklog.com\/en\/news\/what-is-decentralised-finance-defi\">DeFi<\/a> strategies, launched in February 2025. The protocol claims to offer institutional strategic vaults.\u00a0<\/p>\n<p>At the time of the incident, the platform&#8217;s <span data-descr=\"total value locked\" class=\"old_tooltip\">TVL<\/span> was $100 million.\u00a0<\/p>\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/forklog.com\/wp-content\/uploads\/img-1e294c450d76185b-4119051269490024.webp\" alt=\"image\" class=\"wp-image-273665\"\/><figcaption class=\"wp-element-caption\">Source: <a href=\"https:\/\/defillama.com\/protocol\/makina?fees=false&#038;events=false\">DefiLlama<\/a>.\u00a0<\/figcaption><\/figure>\n<h2 class=\"wp-block-heading\">A New Approach\u00a0<\/h2>\n<p>Senior security researcher at a16z crypto, Daejun Park, <a href=\"https:\/\/a16zcrypto.substack.com\/p\/the-forces-shaping-crypto-this-year\">urged<\/a> the DeFi sector to embed protection directly into the code.\u00a0<\/p>\n<p>The shift should be based on the use of standardized specifications that limit permissible protocol actions and automatically roll back any transaction that violates predefined assumptions of &#8220;correct behavior.&#8221;<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>&#8220;Almost every known attack would have been thwarted at the execution stage by such checks. 
This means a shift from the old paradigm of &#8216;code is law&#8217; to a new one: &#8216;law is specification&#8217;,&#8221; the expert emphasized.<\/em><\/p>\n<\/blockquote>\n<p>The relevance of the proposal is underscored by hacking statistics: according to SlowMist, in 2025 hackers stole over $649 million through code vulnerabilities. Even time-tested protocols like Balancer <a href=\"https:\/\/forklog.com\/en\/news\/balancer-defi-protocol-suffers-128m-hack\">lost hundreds of millions of dollars<\/a>.\u00a0<\/p>\n<p>However, this approach has drawbacks. Head of security at Immunefi, Gon\u00e7alo Magalh\u00e3es, noted in a comment to <a href=\"https:\/\/www.dlnews.com\/articles\/defi\/a16z-crypto-wants-defi-to-ditch-code-is-law-to-combat-exploit-problem\/\">DL News<\/a> that additional checks will increase gas costs\u2014potentially deterring users seeking low fees.\u00a0<\/p>\n<p>He stated that invariant checks are a great strategy but not a &#8220;silver bullet,&#8221; as they cannot account for unforeseen attack vectors.<\/p>\n<p>Another issue is the complexity of correctly setting up such defenses. Co-founder of Asymmetric Research, Felix Wilhelm, emphasized that creating an effective invariant in practice is extremely difficult.\u00a0<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>&#8220;For many vulnerabilities and real attacks, it is difficult or even impossible to develop an invariant that would reliably catch a breach without blocking legitimate operations in normal mode,&#8221; he explained.<\/em><\/p>\n<\/blockquote>\n<p>Such checks also often only limit damage or serve as a signal to the team but do not completely stop the breach.\u00a0<\/p>\n<p>Despite the barriers, some protocols have already implemented this practice. 
The Solana lending protocol <a href=\"https:\/\/www.certora.com\/blog\/securing-kamino-lending\">Kamino<\/a> and developers of the <a href=\"https:\/\/xrpl.org\/docs\/concepts\/consensus-protocol\/invariant-checking\">XRP Ledger<\/a> use invariant checks to ensure the integrity of their complex systems and protect against yet undiscovered bugs.<\/p>\n<p>It is worth noting that Immunefi CEO Mitchell Amador <a href=\"https:\/\/forklog.com\/en\/news\/major-hacks-spell-doom-for-80-of-crypto-protocols-experts-say\">concluded<\/a> that nearly 80% of cryptocurrency projects cease to exist after major attacks.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hackers breached the decentralized project Makina Finance, extracting approximately $5 million from a stablecoin pool, according to CertiK.<\/p>\n","protected":false},"author":1,"featured_media":93325,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"Hackers breached Makina Finance, extracting $5 million from a stablecoin pool, CertiK reported.","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,1111,1093,1246],"class_list":["post-93324","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-cybersecurity","tag-defi","tag-scammers"],"aioseo_notices":[],"amp_enabled":true,"views":"303","promo_type":"1","layout_type":"1","short_excerpt":"Hackers breached Makina Finance, extracting $5 million from a stablecoin pool, CertiK 
reported.","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/93324","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=93324"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/93324\/revisions"}],"predecessor-version":[{"id":93326,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/93324\/revisions\/93326"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/93325"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=93324"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=93324"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=93324"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}