Makina Finance Exploited for $4.1M; MEV Builder 0xa6c2 Facilitates Drain
Institutional DeFi protocol Makina Finance loses 1,299 ETH in a flash loan attack routed through a private MEV builder.
DeFi execution engine Makina Finance has suffered a critical security breach, losing 1,299 ETH ($4.13 million) in a flash loan attack targeting its DUSD stablecoin pool. The exploit, first detected by security firm PeckShield, relied on sophisticated builder-side execution to bypass public mempool monitoring.
The Mechanics: Private Tx & Flash Loans
The attacker manipulated the protocol’s DUSD/USDC Curve pool, leveraging flash loans to skew prices before draining liquidity. On-chain data reveals the transactions were routed through MEV Builder 0xa6c2, suggesting the exploiter utilized private transaction bundles to execute the attack atomically and avoid interception by generalized front-running bots.
At this stage, the issue appears to be isolated to DUSD LP positions on Curve. There is currently no indication that other assets or deployments are affected.
. Makina Finance Team
Institutional Context
Makina, which positions itself as an "institutional-grade" yield automaton, had recently seen its Total Value Locked (TVL) climb to approximately $100 million. The breach specifically targeted the algorithmic peg mechanism of its yield-bearing DUSD token. Despite the loss, the protocol’s broader TVL has not yet seen a mass exodus, though the team has activated "security mode" and paused contracts to mitigate further vectors.
Immediate Aftermath
Stolen funds are currently sitting in two wallets (primarily 0xbed2...), with no movement into mixers like Tornado Cash at press time. Users providing liquidity to the DUSD Curve pool have been advised to withdraw immediately, while the rest of the protocol remains under emergency freeze.
