Makina Finance, a protocol known for its advanced yield and asset management tools, has suffered a major security breach. In the early hours of January 20, hackers exploited one of its stablecoin pools. According to blockchain security firm PeckShield, the attackers stole around 1,299 ETH, worth approximately $4.13 million at current prices.
#PeckShieldAlert @makinafi has been exploited for ~1,299 $ETH (~$4.13M).
The hacker was frontrun by MEV Builder (0xa6c2…).
The stolen funds are currently held in 2 addresses:
0xbed2…dE25 ($3.3M) & 0x573d…910e ($880K) pic.twitter.com/Q5WzHpfq7j— PeckShieldAlert (@PeckShieldAlert) January 20, 2026
Details of the Attack
In this incident, the attacker carried out a classic flash loan attack. The exploit targeted Makina Finance’s stablecoin liquidity setup, specifically the DUSD and USDC pool connected to Curve Finance. By borrowing a large amount of capital through flash loans from protocols such as Aave and Morpho, the attacker was able to manipulate token prices across Curve and Uniswap.
As prices shifted, the protocol released 1,299 ETH, valued at over $4 million at the time. The attacker then repaid the flash loan within the same transaction, completing the exploit in seconds.
Meanwhile, MEV bots added another layer of complexity to the attack. These automated programs constantly scan the blockchain for profitable opportunities and attempt to front-run transactions. In this case, they detected the exploit as it was unfolding and rushed to extract value from it. As a result, one MEV builder successfully captured a portion of the gains. This shows how even malicious transactions quickly become competitive on-chain events.
Currently, the stolen ETH is divided across two wallets, holding approximately $3.3 million and $880,000, respectively. So far, the funds have not been mixed or sent through privacy tools, allowing investigators to easily trace their movement. At the time of writing, Makina Finance has not released an official statement.
Phishing Losses and Contract Vulnerabilities
At the same time, the market absorbed another blow tied to phishing and smart contract weaknesses. One user reportedly lost $3.02 million worth of SLVon and XAUt after unknowingly signing multiple malicious phishing signatures. In addition, on-chain investigators revealed that a contract associated with SynapLogic was compromised. This resulted in losses estimated at around $186,000.
Together, these incidents highlight a sobering reality. Despite rapid innovation and growing adoption, DeFi remains vulnerable to phishing attacks, human error, and overlooked contract logic. For both users and developers, stronger security practices are no longer optional—they are essential for survival in today’s volatile market.
Get Trending Crypto News as It Happens. Follow CoinTab News on X (Twitter) Now
Ephraim Emmanuel | March 12, 2026
Mishael Nwani | March 11, 2026
