
Makina Finance Loses $4M in ETH After Flash Loan Price Manipulation Exploit

 

One moment it was operating normally - then suddenly, price feeds went haywire. About 1,299 ETH vanished during what looked like routine activity. That sum now exceeds four million dollars in value. The trigger? A flash loan attack targeting Makina Finance, built on Ethereum. Not a hack of code - but an economic twist inside the system. Security teams such as PeckShield traced moves across the DUSD–DUSDC liquidity pool. Borrowed funds flooded in, shifting valuations without breaking access rules. Prices bent under pressure from artificial trades. Afterward, profits drained off-chain. What stayed behind were distorted reserves and puzzled users. No stolen keys. No failed signatures. Just manipulation riding allowed functions too far. 

The exploit started, researchers say, with a $280 million flash loan taken in USDC. Of that amount, roughly $170 million went toward distorting data from the MachineShareOracle, which sets values for the targeted liquidity pool. With prices artificially raised, trades worth around $110 million passed through the system - leaving over 1,000 ETH missing afterward. What happened fits a known pattern: manipulating value via temporary shifts in market depth. Since Makina's setup depended on immediate price points, sudden influxes of borrowed funds were enough to warp them. Inserting capital, pushing valuations up, then pulling assets out while gains lasted exposed a flaw built into how prices are calculated.  
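To make the dependence on immediate price points concrete, here is an added example (not Makina's code, and not from the original article) that compares a spot price with a time-weighted average and refuses to value anything while the two diverge. It assumes a simplified fee-free constant-product pool rather than the Curve pool math, and the reserves, window and `max_dev` threshold are constructed values.

```python
from dataclasses import dataclass


@dataclass
class Pool:
    """Simplified fee-free constant-product pool (x * y = k); constructed model."""
    usdc: float
    eth: float
    cumulative: float = 0.0  # running sum of price * seconds
    last_ts: int = 0

    def spot(self) -> float:
        return self.usdc / self.eth

    def tick(self, now: int) -> None:
        # Credit the price that held since the last update, before it changes.
        self.cumulative += self.spot() * (now - self.last_ts)
        self.last_ts = now

    def swap_usdc_in(self, amount: float, now: int) -> float:
        self.tick(now)
        k = self.usdc * self.eth
        self.usdc += amount
        eth_out = self.eth - k / self.usdc
        self.eth -= eth_out
        return eth_out


def twap(pool: Pool, start_cum: float, start_ts: int, now: int) -> float:
    pool.tick(now)
    return (pool.cumulative - start_cum) / (now - start_ts)


def guarded_price(pool, start_cum, start_ts, now, max_dev=0.02) -> float:
    """Return the TWAP, refusing to price anything while spot has left the band."""
    avg = twap(pool, start_cum, start_ts, now)
    if abs(pool.spot() - avg) / avg > max_dev:
        raise ValueError("spot deviates from TWAP; valuation paused")
    return avg


def demo():
    pool = Pool(usdc=3_000_000.0, eth=1_000.0)   # constructed reserves
    calm = guarded_price(pool, 0.0, 0, 1800)     # 30 quiet minutes
    pool.swap_usdc_in(3_000_000.0, now=1800)     # large single-block trade
    try:
        guarded_price(pool, 0.0, 0, 1800)
        rejected = False
    except ValueError:
        rejected = True
    return calm, pool.spot(), twap(pool, 0.0, 0, 1800), rejected
```

Because a flash loan is borrowed and repaid inside one transaction, the distorted price holds for zero seconds of the averaging window, so the average stays put while the spot reading quadruples.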

Even though the exploit worked, the hacker did not receive most of the stolen money. A different actor, an MEV builder, stepped in ahead of the draining transaction and took nearly all the ETH pulled out. According to PeckShield, this twist could make getting back the assets more likely. Yet, there has been no public word from Makina on whether they have reached out to - or even found - the MEV searcher responsible.

After reviewing what happened, Makina explained the vulnerability only touched its DUSD–DUSDC Curve pool, leaving everything else untouched. Security measures kicked in across all Machines - its smart vault network - as checks continue into how deep the effects go. To stay safe, users putting liquidity in that specific pool got a heads-up to pull out whatever they had left. More details will come once the team learns more through their ongoing review. 

Not long ago, flash loan attacks started showing up more often in DeFi. By October, the Bunni exchange closed for good following one such incident - $8.4 million vanished fast. Its team said restarting safely would mean spending too much on checks and oversight. Just weeks before, another hit struck Shibarium, a layer-two system. That breach pulled out $2.4 million in value almost instantly. 

Even so, wider trends hint at slow progress. Chainalysis notes that losses tied to DeFi stayed modest in 2025, though value held in decentralized systems climbed back near earlier peaks. Despite lingering dangers from flash loans, safeguards within the space seem to be growing more resilient over time.

SafeMoon: Threat Actors Exploit the “Burn” Bug, Stealing $8.9M From Liquidity Pool


The SafeMoon token liquidity pool lost $8.9 million after a threat actor took advantage of a recently developed "burn" smart contract function to artificially inflate the token price, enabling the actors to sell SafeMoon at a much higher price.

SafeMoon confirmed the incident, stating on Twitter that it was working to fix the issue. In a follow-up announcement, the company's CEO, John Karony, gave some details on the event, saying that the "DEX is safe" and that it "ultimately affected the SFM:BNB LP pool."

"We have located the suspected exploit, patched the vulnerability, and are engaging a chain forensics consultant to determine the precise nature and extent of the exploit," reads Karony’s statement. 

"Users should be assured that their tokens remain safe. I want to assure you that the other LP pools on the DEX have not been affected, and nor have any of our upcoming upgrades and releases," the announcement continues. 

Details of the Exploit 

PeckShield, a blockchain security company, has released more details about the vulnerability the attackers exploited to carry out the $9 million heist against SafeMoon.

According to PeckShield, a new SafeMoon smart contract feature that burns tokens was recently introduced. Unfortunately, the function was mistakenly exposed as public with no restriction on who could call it, enabling anyone to use it however they pleased.

According to earlier statements by Karony, this approach would only be employed in extreme circumstances, such as when the liquidity pool would be threatened by malicious smart contracts, significant slippage, or other transient losses. 

The threat actor made use of this function to burn huge amounts of SafeMoon tokens, which caused the token's price to skyrocket. 

As soon as the price rose, SafeMoon was sold at the inflated price by a different address, depleting the SafeMoon: WBNB liquidity pool of $8.9 million. Following the attack, the hackers apparently converted SafeMoon to BNB. 
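The missing restriction on the burn function described above, modeled as an added example (not SafeMoon's contract code and not from the original article). The `Token` class and its method names are hypothetical; the hardened pair mirrors the allowance-based `burn`/`burnFrom` split used by OpenZeppelin's ERC20Burnable, where a caller can destroy only its own balance or one it has been approved to spend.

```python
class Token:
    """Minimal token ledger; constructed model, not SafeMoon's contract."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowances = {}  # (owner, spender) -> approved amount
        self.total_supply = sum(self.balances.values())

    def approve(self, owner, spender, amount):
        self.allowances[(owner, spender)] = amount

    def _burn(self, account, amount):
        if amount <= 0 or self.balances.get(account, 0) < amount:
            raise ValueError("invalid burn amount")
        self.balances[account] -= amount
        self.total_supply -= amount

    def burn_unrestricted(self, caller, account, amount):
        # The flaw the article describes: the caller is never checked,
        # so anyone can destroy any account's balance.
        self._burn(account, amount)

    def burn(self, caller, amount):
        # Hardened: a caller can only destroy its own balance.
        self._burn(caller, amount)

    def burn_from(self, caller, account, amount):
        # Hardened: burning someone else's balance needs their approval.
        allowed = self.allowances.get((account, caller), 0)
        if allowed < amount:
            raise PermissionError("caller is not approved to burn this balance")
        self._burn(account, amount)
        self.allowances[(account, caller)] = allowed - amount
```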

Interestingly, researchers discovered a remark appended to a transaction from the second address, stating they were not the original hackers but “accidentally performed a front run” as the price was artificially inflated as a result of the burn() function exploit. The comment seems like an attempt to establish a communication channel between parties: “Hey relax, we are accidently front-run an attack against you, we would like to return the fund, setup secure communication channel , lets talk.” 

Additionally, the wallet owner has since transferred 4,000 Binance Coins (BNB), which are currently worth $1,261,972.52. Although it could appear to be a gesture of goodwill, researchers reacted to the transfer with skepticism, questioning the validity of the second wallet owner's assertions that he was unrelated to the original exploiter.