Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Flash Loan. Show all posts
Liquidity Pool
Cyber Security Finance Sector Financial Loss Flash Loan Flash Loan Attack Illicit Trade Liquidity Pool

Makina Finance Loses $4M in ETH After Flash Loan Price Manipulation Exploit

 

One moment it was operating normally - then suddenly, price feeds went haywire. About 1,299 ETH vanished during what looked like routine activity. That sum now exceeds four million dollars in value. The trigger? A flash loan attack targeting Makina Finance, built on Ethereum. Not a hack of code - but an economic twist inside the system. Security teams such as PeckShield traced moves across the DUSD–DUSDC liquidity pool. Borrowed funds flooded in, shifting valuations without breaking access rules. Prices bent under pressure from artificial trades. Afterward, profits drained off-chain. What stayed behind were distorted reserves and puzzled users. No stolen keys. No failed signatures. Just manipulation riding allowed functions too far. 

The exploit started, researchers say, with a $280 million flash loan taken in USDC. Of that amount, roughly $170 million went toward distorting data from the MachineShareOracle, which sets values for the targeted liquidity pool. With prices artificially raised, trades worth around $110 million passed through the system - leaving over 1,000 ETH missing afterward. What happened fits a known pattern: manipulating value via temporary shifts in market depth. Since Makina's setup depended on immediate price points, sudden influxes of borrowed funds were enough to warp them. Inserting capital, pushing valuations up, then pulling assets out while gains lasted exposed a flaw built into how prices are calculated.  

Even though the exploit worked, the hacker did not receive most of the stolen money. A different actor, an MEV builder, stepped in ahead during the draining transaction and took nearly all the ETH pulled out. According to PeckShield, this twist could make getting back the assets more likely. Yet, there has been no public word from Makina on whether they have reached out to - or even found - the MEV searcher responsible. 

After reviewing what happened, Makina explained the vulnerability only touched its DUSD–DUSDC Curve pool, leaving everything else untouched. Security measures kicked in across all Machines - its smart vault network - as checks continue into how deep the effects go. To stay safe, users putting liquidity in that specific pool got a heads-up to pull out whatever they had left. More details will come once the team learns more through their ongoing review. 

Not long ago, flash loan attacks started showing up more often in DeFi. By October, the Bunni exchange closed for good following one such incident - $8.4 million vanished fast. Its team said restarting safely would mean spending too much on checks and oversight. Just weeks before, another hit struck Shibarium, a layer-two system. That breach pulled out $2.4 million in value almost instantly. 

Even so, wider trends hint at slow progress. Chainalysis notes that losses tied to DeFi stayed modest in 2025, though value held in decentralized systems climbed back near earlier peaks. Despite lingering dangers from flash loans, safeguards within the space seem to be growing more resilient over time.
Read more »
Flash Loan
cryptocurrency hack Cyber Attacks DeFi Platforms Flash Loan

DeFi Protocol Cream Finance Suffers a $130 Million Hack

 

Cream Finance, an Ethereum-based lending and borrowing protocol, has suffered a loan flash assault, losing over $130 million worth of ether and ERC-20 tokens. 

According to Peckshield, a block security firm, threat actors exploited a security loophole in the platform’s flash loan feature, then transferred the stolen funds to a wallet under their possession before splitting them through other wallets.

Following the assault, the value of the Cream LP tokens witnessed a substantial decline of 27 percent and is currently priced at around $111 (roughly Rs. 8,300), as per CoinGecko. The protocol that has over 72,000 followers on Twitter confirmed the attack and revealed that an investigation into the case is underway. 

Additionally, the Cream Finance group is trying to negotiate with the hackers, offering to present them 10% of all of the tokens that had been lost. This is a known strategy that has paid off for some protocols which were exploited in the past. 

Unfortunately, this is the third time Cream Finance suffered a loan flash attack this year, in August threat actors stole $29 million and another $37 million were stolen in February. However, this latest hack is the third-largest Defi hack in history. 

According to a recent report released by CipherTrace, DeFi assaults are becoming very profitable for cybercriminals. The attacks accounted for 76% of all major hacks in 2021 and earned a profit of 361 million.

“By July 2021, DeFi-related hacks total $361 million, already making up three-quarters of the total hack volume this year—a 2.7x increase from 2020. DeFi-related fraud continues to rise, as well. At the time of this report, DeFi-related fraud accounted for 54% of major crypto fraud volume, whereas last year DeFi-related fraud only made up 3% of the year’s total,” states CipherTrace. 

“The three hacks that Cream Finance has experienced are all related to flash loans, and the hackers from the [August attack] returned [most of] the stolen funds,” Sun Huang, general manager and vice president for security development operations at XREX Inc. stated. “This time we can expect the hacker to return as well, especially when the tracking technology for blockchain has become more mature and many could catch the hints and chase down attackers.”
Read more »
Subscribe to: Comments (Atom)