Ethereum-based DeFi platform Makina Finance has faced significant damage after a flash loan exploit led to 1,299 ETH, worth nearly USD 4 million, in losses.
According to reports from PeckShield and other blockchain security companies, hackers manipulated prices on one of Makina’s liquidity pools.
The criminals led to the exploit by issuing a flash loan for USD 280 million in USDC. After this, they leveraged USD 170 million of the sum to manipulate the MachineShareOracle that determines prices for the Dialectic USD (DUSD) and Dialectic USDC (DUSDC) liquidity pool.
Afterwards, the perpetrators traded USD 110 million on the pool, right before bleeding it of over 1,000 ETH. A PeckShield representative, talking to Decrypt, said that the root cause of the bug is a classic price manipulation issue. Additionally, the token price for the DUSD-DUSDC liquidity pool is calculated through the platform’s spot prices, which were manipulated by the flash loan.
Yet, although successfully changing the price, the transaction which extracted the liquidity pool was frontrun by an MEV builder, which obtained the majority of the stolen funds. Further expanding on this, the PeckShield spokesperson mentioned that this offers a better choice in receiving the stolen funds back, even if there has been no indication so far that Makina has identified or reached out to the involved MEV builder.
Makina’s response
Previously mentioned sources say that Makina Finance stated that the exploit was isolated to its DUSD-DUSDC pool on Curve, and its underlying assets held on its platform have not been negatively impacted by the exploit. The company was quick to activate the security mode on all its smart vaults while it evaluates the situation.
Additionally, Makina advised liquidity providers in the DUSD Curve pool to remove any remaining liquidity. Now, the company is working on deciding its next steps, planning to provide updates as and when they are available.
