Makina Incident Analysis

### Executive Summary On 20 January 2026, MakinaFi's DUSD/USDC Curve pool was exploited via large flash loans and manipulation of Curve-related oracle calculations (calc_withdraw_one_coin and Pool.balance), allowing the attacker to inflate sharePrice and extract ~1,299 ETH (~$4.13M). The report includes a step-by-step transaction flow, attacker and protocol addresses, how Caliber/Machine AUM calculations were manipulated, and post-exploit fund movements and outreach by the team.