Ethereum-based DeFi platform Makina Finance has lost around $4 million worth of ETH following a flash loan exploit. The attack targeted one of the platform’s USDC-related liquidity pools.
Blockchain security firms, including PeckShield, said the attacker used a large flash loan to manipulate prices. The hacker borrowed about $280 million in USDC and used a portion of it to distort price data in Makina’s USD-USDC pool.
After inflating prices, the attacker traded heavily on the pool and drained more than 1,000 ETH. In total, Makina lost 1,299 ETH during the incident.
PeckShield said the issue was caused by a classic price manipulation flaw. The pool relied on spot prices, which were easily influenced by the flash loan activity.
However, most of the stolen funds are not held by the attacker. An MEV builder reportedly frontran the transaction and captured the majority of the ETH instead.
Makina said the exploit was limited to its DUSD-DUSDC pool on Curve. The firm added that other assets on the platform remain safe and unaffected.
As a precaution, Makina has activated security mode on all its smart vaults. It also advised liquidity providers to withdraw any remaining funds from the affected pool.
Flash loan exploits remain a common risk in DeFi, but industry data suggests overall losses declined in 2025. Even so, the Makina incident highlights ongoing security challenges across Ethereum-based platforms.
