Home » Crypto News
The attacker used a 280 million USDC flash loan and oracle manipulation to extract nearly $5 million in value.
}
function loadTrinityPlayer(targetWrapper, theme,extras=””) {
cleanupPlayer(targetWrapper); // Always clean first ✅
targetWrapper.classList.add(‘played’);
// Create script
const scriptEl = document.createElement(“script”);
scriptEl.setAttribute(“fetchpriority”, “high”);
scriptEl.setAttribute(“charset”, “UTF-8”);
const scriptURL = new URL(`https://trinitymedia.ai/player/trinity/2900019254/?themeAppearance=${theme}${extras}`);
scriptURL.searchParams.set(“pageURL”, window.location.href);
scriptEl.src = scriptURL.toString();
// Insert player
const placeholder = targetWrapper.querySelector(“.add-before-this”);
placeholder.parentNode.insertBefore(scriptEl, placeholder.nextSibling);
}
function getTheme() {
return document.body.classList.contains(“dark”) ? “dark” : “light”;
}
// Initial Load for Desktop
if (window.innerWidth > 768) {
const desktopBtn = document.getElementById(“desktopPlayBtn”);
if (desktopBtn) {
desktopBtn.addEventListener(“click”, function () {
const desktopWrapper = document.querySelector(“.desktop-player-wrapper.trinity-player-iframe-wrapper”);
if (desktopWrapper) loadTrinityPlayer(desktopWrapper, getTheme(),’&autoplay=1′);
});
}
}
// Mobile Button Click
const mobileBtn = document.getElementById(“mobilePlayBtn”);
if (mobileBtn) {
mobileBtn.addEventListener(“click”, function () {
const mobileWrapper = document.querySelector(“.mobile-player-wrapper.trinity-player-iframe-wrapper”);
if (mobileWrapper) loadTrinityPlayer(mobileWrapper, getTheme(),’&autoplay=1′);
});
}
function reInitButton(container,html){
container.innerHTML = ” + html;
}
// Theme switcher
const destroyButton = document.getElementById(“checkbox”);
if (destroyButton) {
destroyButton.addEventListener(“click”, () => {
setTimeout(() => {
const theme = getTheme();
if (window.innerWidth > 768) {
const desktopWrapper = document.querySelector(“.desktop-player-wrapper.trinity-player-iframe-wrapper”);
if(desktopWrapper.classList.contains(‘played’)){
loadTrinityPlayer(desktopWrapper, theme,’&autoplay=1′);
}else{
reInitButton(desktopWrapper,’Listen‘)
const desktopBtn = document.getElementById(“desktopPlayBtn”);
if (desktopBtn) {
desktopBtn.addEventListener(“click”, function () {
const desktopWrapper = document.querySelector(“.desktop-player-wrapper.trinity-player-iframe-wrapper”);
if (desktopWrapper) loadTrinityPlayer(desktopWrapper,theme,’&autoplay=1’);
});
}
}
} else {
const mobileWrapper = document.querySelector(“.mobile-player-wrapper.trinity-player-iframe-wrapper”);
if(mobileWrapper.classList.contains(‘played’)){
loadTrinityPlayer(mobileWrapper, theme,’&autoplay=1′);
}else{
const mobileBtn = document.getElementById(“mobilePlayBtn”);
if (mobileBtn) {
mobileBtn.addEventListener(“click”, function () {
const mobileWrapper = document.querySelector(“.mobile-player-wrapper.trinity-player-iframe-wrapper”);
if (mobileWrapper) loadTrinityPlayer(mobileWrapper,theme,’&autoplay=1′);
});
}
}
}
}, 100);
});
}
})();
Summarize with AI
Summarize with AI
Makina Finance suffered a flash loan exploit on January 20, resulting in a loss of $4.1 million.
The attacker leveraged MEV bots to front-run transactions, which allowed them to drain 1,299 ETH from the protocol.
Details of the Breach
Blockchain security firm PeckShieldAlert reported on X that Makina Finance was exploited for about 1,299 ETH, worth around $4.13 million. On-chain data shows the attacker targeted the Dialectic USD/USDC Stableswap pool by manipulating its price.
According to CertiKAlert, the breach began with the hacker borrowing a flash loan of 280 million USDC. Using 170 million USDC, they proceeded to manipulate the MachineShareOracle, which the DUSD/USDC pool relies on for pricing. The attacker then swapped 110 million USDC through the pool, extracting roughly $5 million in value.
A MEV bot, operating from address 0xa6c2, front-ran the transaction, executing a series of quick trades that drained about 1,299 ETH from the pool. The stolen funds were later moved to two addresses, with 0xbed2 holding about $3.3 million and 0x573d retaining $880,000.
Makina Finance has since addressed the situation via their social media, stating,
The firm’s team clarified that the issue is limited only to its DUSD liquidity provider positions on Curve, with no signs that other assets or deployments are affected. The team also confirmed the safety of the underlying assets stored in the machines.
You may also like:
As a precaution, security mode has been activated across all machines while the team continues to assess the situation. Liquidity providers in the DUSD Curve pool have also been advised to withdraw their funds.
Elsewhere, CyversAlerts has flagged suspicious transactions involving SynapLogic on Base. Reports indicate that the hacker was initially funded through Tornado Cash on Ethereum before bridging funds to Base using GasZip and later acquired about 144,000 SYP tokens.
However, SynapLogic later confirmed that the issue has been fully resolved, stating that its systems are operating normally and that all user funds remain safe.
Truebit Update
The episode comes barely a week following the first major DeFi hack of 2026. The Truebit Protocol recently experienced a security breach, resulting in the loss of approximately $26.5 million in ETH. Investigations found that the hacker had taken advantage of a vulnerability in the smart contract’s pricing logic, which allowed them to mint TRU tokens at no cost.
Following the exploit, the project’s team announced that it was investigating the situation. At the time of writing, no official recovery plan has been announced, and the exploited funds remain on-chain.
Meanwhile, on-chain security companies like SlowMist and Certik have published post-mortems, warning that outdated Solidity versions remain a systemic risk in DeFi. The former recommended that such systems should be protected using the SafeMath library to prevent logic vulnerabilities caused by integer overflows.
SECRET PARTNERSHIP BONUS for CryptoPotato readers: Use this link to register and unlock $1,500 in exclusive BingX Exchange rewards (limited time offer).
Source: https://cryptopotato.com/makina-finance-loses-4-13m-in-flash-loan-exploit-on-curve-pool/
