Key Highlights
- The exploit on January 20 drained roughly 1,299 ETH from the DUSD/USDC Curve pool, with the USDC side being affected while DUSD remains fully backed. A ballet of money misdirect, perhaps?
- Recovery efforts focus on reclaiming funds from the MEV builder and Rocket Pool validator, while a snapshot of the pool will guide future distributions. A slow-motion chase, really.
- The DUSD/USDC Curve pool will be retired and replaced with a Uniswap-based fixed-rate pool; other integrations like Gearbox and Pendle remain unaffected. A pivot, not a collapse.
Makina Finance, a DeFi platform that focuses on yield-earning stablecoins, has provided a detailed update after its DUSD/USDC Curve pool was hit by an exploit earlier this week. The incident, which took place on January 20, resulted in the loss of around 1,299 ETH and briefly disrupted some of the protocol’s operations. One might call it a drama of liquidity, though the tragedy is yet to be written.
In an update released on January 21 at 21:00 UTC, the team explained how the attack played out, where the funds moved after the exploit, and what steps are now being taken to recover assets and bring the protocol back to normal functioning. The statement comes after the issue first came to light when unusual activity was detected in the DUSD/USDC liquidity pool. A delightful puzzle for auditors, perhaps, though more costly for participants.
What happened
According to Makina’s disclosure, the exploit unfolded over a short window of roughly eleven minutes in the early hours of January 20. A minor eternity in blockchain terms.
At 3:40:23 am UTC, in Ethereum block 24273361, a wallet identified as 0x2F934B0Fd5c4f99BAb37d47604a3a1AEADEF1CCc deployed an unverified smart contract. According to the investigation, the contract was created solely to manipulate prices in the DUSD/USDC pool on Curve, a platform commonly used for stablecoin trading. A masterstroke of mischief, if one appreciates cruelty to code.
In the very next block, an MEV trader spotted the activity and stepped in before the original attacker could complete the transaction. These traders constantly watch the blockchain for profitable openings and jump in when they see one. The transaction was ultimately processed by an MEV builder identified as 0xa6c2. A silent boxing match of bots, with the loser paying the price.
As a result, most of the extracted funds were split between the MEV builder and the validator that produced the block. On-chain data shows that approximately 1,299 ETH was removed from the pool, with around 1,023 ETH going to the MEV builder and roughly 276 ETH landing with a Rocket Pool validator. A symphony of siphoning, no doubt.
Makina confirmed that the exploit was limited strictly to the USDC side of the DUSD/USDC Curve pool. Other pools connected to the protocol, including DETH/WETH and DBIT/WBTC, were not affected. The protocol also stated that funds held inside the DUSD Machine itself remain secure and that DUSD continues to be fully collateralized. A silver lining for some, a black hole for others.
How the exploit worked
The issue was traced back to a flaw in a Weiroll script used by the DUSD Machine, which handles accounting and collateral management for the stablecoin. A crack in the digital dyke, as one might say.
According to Makina, the problem began with a position the protocol held in the MIM-3CRV pool on Curve. The attacker used a flash loan to temporarily push up the price of MIM, which caused the value of that position to rise sharply for a short period of time. A financial somersault with zero regard for gravity.
That inflated value was then picked up by the DUSD system and treated as genuine. Because of this, the system believed it was holding more assets than it actually was. This incorrect data later flowed into the pricing oracle, which is used to set the value of DUSD on the Curve pool. A game of tag with truth, perhaps.
Once the incorrect pricing made its way to the DUSD/USDC pool, the attacker was able to drain USDC at an inflated rate before the system could correct itself. A hydrant of liquidity, extinguished in haste.
Makina stated that the issue has been identified and confirmed by external auditors. A patch addressing the vulnerability is currently being developed and has been submitted for audit. A full technical post-mortem is expected to be released once the review process is complete. A eulogy for code, written in haste.
Recovery efforts and fund tracking
Makina and Dialectic, the operator of the DUSD Machine, said they are pursuing multiple recovery paths. A bureaucratic ballet of extraction.
The first involves efforts to recover approximately 1,023 ETH currently held by the MEV builder that executed the transaction. Discussions are ongoing, though no resolution has been announced so far. A negotiation over pixels and profit.
The second effort relates to the Rocket Pool validator that received approximately 276 ETH. The validator address involved has been identified as 0x573D, with ownership linked to the address 0x3b6fc5cc2feefc357212617930aedac9493288af. Makina said it is working with external security firms to establish contact with the operator of the validator. A search for Mr. Smith in the chaos.
The company has also asked anyone with information that could help identify or contact the validator to reach out through official channels or via security@makina.finance. A plea, a bounty, a prayer.
In addition, Dialectic confirmed it will return USD 104,491 in liquidity provider fees that were earned by the DUSD Machine during the exploit window from activity in the MIM-3CRV pool. A hand of charity after the hand had bled.
A snapshot of the DUSD/USDC Curve pool taken before the exploit will be used to determine how any recovered funds are distributed once the recovery process concludes. A ledger of fate, written in retrospect.
Recovery mode and timeline
Following the incident, Makina placed all three Dialectic-operated Machines into Recovery Mode. This temporarily halted redemptions and other protocol actions while the investigation and patch development took place. A digital purdah, if you will.
The protocol will remain in Recovery Mode until the fix has passed an external audit and completed a mandatory 48-hour timelock period. If no issues arise, Makina is targeting January 26, 2026, for the resumption of normal operations. A resurrection date, meticulously scheduled.
Once Recovery Mode is lifted, redemptions will be available only to users who have completed AML and KYC checks. Users holding more than USD 100,000 in DUSD and intending to redeem have been asked to begin the verification process through Makina’s Discord support channel. A gatekeeping.mañana with compliance paper.
For users who are not whitelisted, Makina is working to arrange secondary market liquidity, with several liquidity providers already expressing interest. A patchwork of parities, perhaps.
Curve pool to be phased out
Makina also said that the DUSD/USDC Curve pool will be phased out after the incident. In its place, the team plans to launch a new pool on Uniswap, where users will be able to swap DUSD for USDC at a fixed rate. A pivot, not a surrender.
The new pool is expected to go live shortly after Recovery Mode is lifted. Further details are expected to be announced once deployment is closer. A promise distilled in a roadmap.
Users currently holding DUSD/USDC Curve LP tokens have been advised to withdraw into DUSD. Remaining in the pool will not improve recovery outcomes and may delay participation in any future distribution process. A retreat whispered by necessity.
No impact on other integrations
The protocol clarified that users holding DUSD through other platforms, including Gearbox and Pendle, are not affected by the Curve pool exploit. Positions linked to PT-DUSD and YT-DUSD have not been impacted by the incident. Users holding these positions can continue to manage them normally, according to the team. A silver lining, perhaps, for the optimistically uninvolved.
What happens next
Makina said it will continue to share updates as the recovery process moves ahead. The incident adds to the growing list of DeFi hacks seen in early 2026 and once again highlights the risks that come with oracle-based pricing, complex internal accounting, and tightly connected on-chain systems. A litany of “I told you so” for the patriarchy of parasols.
For now, it is still unclear how much of the stolen funds can be recovered. The next few days are expected to be important in deciding how the situation unfolds and what the final impact on the protocol will be. A cliffhanger, written in hashed hex.
Read More
- You Won’t Believe How Kite Just Raised $18M To Make The Web Smarter (And Maybe Richer)
- Gold Rate Forecast
- Silver Rate Forecast
- Brent Oil Forecast
- BNB PREDICTION. BNB cryptocurrency
- Crypto’s Grand Ball: Whales Flee, PUMP Sits Alone 🕺💸
- ATOM PREDICTION. ATOM cryptocurrency
- DOGE PREDICTION. DOGE cryptocurrency
- Square’s Bitcoin Bonanza: Merchants Go Crypto Crazy! 🤯💰
- 🕵️♂️ SEAL Unveils Phishing Buster: Scammers Tremble! 🤑
2026-01-23 10:29