DeFi execution platform Makina Finance halted operations Tuesday after a flash loan attack drained approximately $5 million from its DUSD/USDC Curve pool. While the exploit vector mirrored a standard oracle manipulation attack, on-chain data suggests an MEV (Maximal Extractable Value) bot may have front-run the original attacker, securing the majority of the stolen funds.
The Receipt
Blockchain security firm CertiK reported that the exploit was triggered by a massive 280 million USDC flash loan. The attacker used this liquidity to skew the price oracle of the DUSD/USDC Curve stablecoin pool, artificially devaluing the assets before draining them.
However, the execution came with a twist. According to AInvest and PeckShield, an MEV builder address (0xa6c2...) appears to have intercepted the transaction flow. Consequently, $4.14 million, the bulk of the lost liquidity, was routed to the builder’s address rather than the exploiter’s wallet.
The attack targeted the non-custodial DeFi execution engine and led to losses of roughly 1,299 ETH.
Protocol in Safe Mode
Makina Finance acknowledged the breach, stating systems are currently in a precautionary "safe mode." The protocol urged liquidity providers to immediately withdraw assets from the compromised DUSD Curve pool.
The incident highlights the growing dominance of generalized front-runners in the DeFi ecosystem. When attackers broadcast exploits to the public mempool rather than using private transaction relays (like Flashbots), automated bots often detect the profit opportunity and execute the same transaction with higher gas fees, effectively stealing from the thief.
