【CryptoWorld】MakinaFi has just experienced a security incident, and the situation is not to be taken lightly. The platform's DUSD Curve pool appears to have been exploited. The preliminary assessment is that only the DUSD liquidity position was affected, and no anomalies have been observed in other assets. The official team has urgently activated security mode across all Machines and recommends that DUSD liquidity providers withdraw their funds immediately while the investigation is underway.
The technical details are even more concerning. According to BlockSec's analysis, the attacker manipulated the price mechanism to target the DUSD pool on Ethereum, directly causing a loss of 5,107,871 USDC for the platform. In simple terms, the vulnerability lies in the getSharePrice() function, which is used to calculate the value of LP assets. Its calculation depends on the current price in the pool. The attacker exploited this flaw by manipulating the price to artificially inflate the asset value, then used arbitrage to extract the gains.
This incident highlights a common risk in the DeFi ecosystem: the fragility of price oracles and liquidity calculations. When designing asset valuation mechanisms, many projects rely too heavily on current on-chain prices, which leaves room for manipulation. DUSD liquidity providers should stay vigilant, and other DeFi projects should review their own valuation logic.
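As an added illustration (not MakinaFi's contract code and not part of the original article), the Python model below shows why a share price derived from a pool's current price moves with a single large trade, next to a valuation that prices from a reference value and pauses when spot deviates from it. The constant-product pool, the function names, the reserve figures and the 2% threshold are all assumptions made for the example; real Curve pools use the StableSwap invariant.

```python
from dataclasses import dataclass


@dataclass
class Pool:
    """Constant-product pool (x*y=k), a simplifying assumption; Curve uses StableSwap."""
    dusd: float
    usdc: float

    def spot_price(self) -> float:
        # USDC per DUSD implied by the reserves right now; any swap moves it.
        return self.usdc / self.dusd

    def swap_usdc_for_dusd(self, usdc_in: float) -> float:
        k = self.dusd * self.usdc
        self.usdc += usdc_in
        dusd_out = self.dusd - k / self.usdc
        self.dusd -= dusd_out
        return dusd_out


def share_price_spot(pool: Pool, dusd_held: float, shares: float) -> float:
    """Weak pattern: value holdings at whatever the pool says this instant."""
    return dusd_held * pool.spot_price() / shares


def share_price_guarded(pool: Pool, dusd_held: float, shares: float,
                        reference_price: float, max_deviation: float = 0.02) -> float:
    """Value at a reference price (e.g. a multi-block TWAP, assumed available)
    and refuse to price at all while spot has drifted too far from it."""
    deviation = abs(pool.spot_price() / reference_price - 1.0)
    if deviation > max_deviation:
        raise ValueError(f"spot deviates {deviation:.1%} from reference; pricing paused")
    return dusd_held * reference_price / shares


def demo() -> dict:
    pool = Pool(dusd=10_000_000.0, usdc=10_000_000.0)   # constructed reserves
    held, shares, ref = 1_000_000.0, 1_000_000.0, 1.0   # constructed vault state
    before = share_price_spot(pool, held, shares)
    pool.swap_usdc_for_dusd(4_000_000.0)                # one large same-block trade
    after = share_price_spot(pool, held, shares)
    try:
        guarded = share_price_guarded(pool, held, shares, ref)
    except ValueError:
        guarded = None                                  # guard tripped, no price issued
    return {"before": before, "after": after, "guarded": guarded}
```

In this model the spot-based share price nearly doubles after the trade, while the guarded function declines to return a price until the pool is back within the allowed band of the reference.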
SchroedingerMiner
· 1h ago
Another old trick of price manipulation, the getSharePrice function is just a honey pot.
---
5.1 million gone, LPs are really too unfortunate, they should have looked more at the audit reports.
---
Why is it always the Curve pool that has issues? Is this thing really safe?
---
The tricks are always the same; hackers have just exploited the code vulnerabilities of these developers.
---
Hurry up and withdraw, don’t wait for the official investigation. Self-rescue is the most important thing these days.
---
People are still falling for basic vulnerabilities like price manipulation. I just can't hold it anymore.
---
Another flashloan fantasy combo. Is DeFi really like this?
---
MakinaFi's losses this time are enough to eat a whole pot; investors will have to cut losses again.
---
Relying on current price calculations makes the function vulnerable to sniping. It was obvious long ago.
---
I told you DeFi is too deep; another bloody lesson.
gaslight_gasfeez
· 01-20 07:50
Another old trick of price manipulation, the getSharePrice pit is really unbeatable.
MidnightGenesis
· 01-20 07:50
It's that getSharePrice() old problem again. From the code, it should have been improved long ago. On-chain data shows the attack occurred at 2 a.m., not surprisingly.
I've just reviewed the logic behind this targeted attack. An interesting point is the official "preliminary judgment"—how much slower was the monitoring? It's worth noting that the entire liquidation process only involved three transactions, indicating that someone clearly knew about this vulnerability in advance.
Price manipulation caused the LP position to evaporate directly. Based on past experience, this kind of vulnerability should have been caught during auditing long ago. 5.1 million USDC... it's a bit outrageous.
Looking back from the contract deployment time, my observation is that the MakinaFi valuation mechanism design is fundamentally flawed. Why are so many people still rushing in?
MeaninglessApe
· 01-20 07:47
Another one? 5.1 million USDC just gone like that, the getSharePrice function is really incredible
---
Hacker tricks are all the same, I wonder when they will learn to stop manipulating prices
---
Did the LP provider run away... or has it already been completely harvested
---
MakinaFi this time is digging its own grave, where is the contract audit
---
Damn, it's another price manipulation, DeFi is really hard to defend against
---
5.1 million USDC, how many small retail investors' annual earnings does that represent
---
Wait, only DUSD is affected? How do other pools ensure safety...
---
This move is really impressive, relying on a single function vulnerability to harvest so much
---
I really don't believe in DeFi's "security mode," anyway it's just putting a band-aid on a wound
---
What's going on? Has this project been audited before, or is it another audit that was just a formality
fren.eth
· 01-20 07:25
Another one, getSharePrice() such an obvious vulnerability also passes review? Does no one check the code in DeFi?
DeFi Risk Alert: MakinaFi DUSD Pool Attacked, Losses Exceed 5.1 Million USDC