News
20 Jan 2026, 15:31
Ethereum DeFi Platform Makina Hit by Flash Loan Exploit, Loses $4M in ETH

The hacker used a flash loan to inflate prices on Makina’s USD-USDC liquidity pool, and then traded to make over $4 million.
20 Jan 2026, 12:50
Kazakhstan implements new AI law to protect citizens’ rights and freedoms

Kazakhstan has taken a major step in human-centered artificial intelligence with its new law on AI, which came into force on January 18. The legislation sets a legal framework that prioritizes individuals, their rights, freedoms, and well-being while regulating the development and use of AI. Its core principles are law and fairness, transparency, accountability, and data protection. Citizens will be entitled to know what automated processing is used for, what might happen as a result, and how to protect themselves. AI systems are categorized and ranked by their level of risk and the level of autonomous decision-making capability; this means that AI systems deemed “high risk” will have the highest level of information systems security, similar to those of government-owned organizations.

Law to protect citizens and guide AI development

In addition to defining the individual responsibilities of AI system owners, operators, and users during the lifecycle of an AI solution, this legislation specifically prohibits the use of AI systems that manipulate an individual’s behavior, discriminate against individuals, exploit an individual’s vulnerability, detect emotions without the individual’s consent, violate data protection laws, or generate prohibited content.

Kazakhstan is not alone: many other countries are pushing for laws that protect users from deepfakes and other harmful content. For instance, China recently announced new rules that restrict AI chatbots that push users into suicidal emotions, self-harm, and gambling, in a move meant to protect users, especially minors.

For Kazakhstan, this legislation requires transparency for AI systems and mandates that all synthetic content be clearly identified as such through labels. The law provides that works created with human creativity are copyrightable, while the training of AI with copyrighted material is permissible as long as it is not expressly prohibited by the copyright owner.

The Ministry of Artificial Intelligence and Digital Development recommends that AI be developed in compliance with the personal data protection regulations, information security regulations, energy efficiency standards and reduced environmental impact. The Ministry’s overarching goal is to provide individuals with safe, responsible and human-focused AI technology while continuing to foster the innovation of new technologies.

Kazakhstan launches AI Governance 500 to train executives

According to The Astana Times, the launch of the inaugural group of AI Governance 500, a strategic program aimed at teaching executives how to implement and expand upon AI within governmental organizations, took place on January 19. The program was introduced by Zhaslan Madiyev, who serves as Deputy Prime Minister as well as the Minister for Artificial Intelligence and Digital Development.

“The program seeks to create a pool of digital officers capable of systematically implementing AI based on data, a unified architecture, and end-to-end processes,” Madiyev said.

Around 100 executives from government and quasi-public sectors are participating, covering strategic AI understanding through to applied project development for regional and departmental implementation.

Currently, the country is in the early stages of conducting a UNESCO-led assessment to determine its overall preparedness in the area of artificial intelligence. Using the UNESCO Readiness Assessment Methodology (RAM), the assessment will look at all facets of the country’s AI ecosystem, including the legal, social, economic, scientific, educational, and technological aspects. In addition, there will be a National Stakeholder Team, consisting of members from various ministries, universities, private companies, civil society, and international partners.

“Practical recommendations will be developed to support a human-centred AI ecosystem,” the Foreign Ministry noted.

This project underlines Kazakhstan’s commitment to international cooperation, human rights, and universal values in its AI strategy.
20 Jan 2026, 10:00
TROVE token’s 97% wipeout: From $11.5 mln presale to rug-pull accusations

TROVE FDV crashed 97% from $20 million to $500k, with investors accusing Trove Market of a rug pull.
20 Jan 2026, 09:50
Makina Finance Loses $4.13M in Flash Loan Exploit On Curve Pool

Makina Finance suffered a flash loan exploit on January 20, resulting in a loss of $4.1 million. The attacker leveraged MEV bots to front-run transactions, which allowed them to drain 1,299 ETH from the protocol.

Details of the Breach

Blockchain security firm PeckShieldAlert reported on X that Makina Finance was exploited for about 1,299 ETH, worth around $4.13 million. On-chain data shows the attacker targeted the Dialectic USD/USDC Stableswap pool by manipulating its price.

According to CertiKAlert, the breach began with the hacker borrowing a flash loan of 280 million USDC. Using 170 million USDC, they proceeded to manipulate the MachineShareOracle, which the DUSD/USDC pool relies on for pricing. The attacker then swapped 110 million USDC through the pool, extracting roughly $5 million in value.

A MEV bot, operating from address 0xa6c2, front-ran the transaction, executing a series of quick trades that drained about 1,299 ETH from the pool. The stolen funds were later moved to two addresses, with 0xbed2 holding about $3.3 million and 0x573d retaining $880,000.

Makina Finance has since addressed the situation via its social media, stating, “Gmak, early this morning we received reports regarding an incident with the $DUSD Curve pool.”

The firm’s team clarified that the issue is limited only to its DUSD liquidity provider positions on Curve, with no signs that other assets or deployments are affected. The team also confirmed the safety of the underlying assets stored in the machines. As a precaution, security mode has been activated across all machines while the team continues to assess the situation. Liquidity providers in the DUSD Curve pool have also been advised to withdraw their funds.

Elsewhere, CyversAlerts has flagged suspicious transactions involving SynapLogic on Base. Reports indicate that the hacker was initially funded through Tornado Cash on Ethereum before bridging funds to Base using GasZip and later acquired about 144,000 SYP tokens. However, SynapLogic later confirmed that the issue has been fully resolved, stating that its systems are operating normally and that all user funds remain safe.

Truebit Update

The episode comes barely a week after the first major DeFi hack of 2026. The Truebit Protocol recently experienced a security breach, resulting in the loss of approximately $26.5 million in ETH. Investigations found that the hacker had taken advantage of a vulnerability in the smart contract’s pricing logic, which allowed them to mint TRU tokens at no cost.

Following the exploit, the project’s team announced that it was investigating the situation. At the time of writing, no official recovery plan has been announced, and the exploited funds remain on-chain.

Meanwhile, on-chain security companies like SlowMist and Certik have published post-mortems, warning that outdated Solidity versions remain a systemic risk in DeFi. The former recommended that such systems should be protected using the SafeMath library to prevent logic vulnerabilities caused by integer overflows.

The post Makina Finance Loses $4.13M in Flash Loan Exploit On Curve Pool appeared first on CryptoPotato.
20 Jan 2026, 09:20
Makina suffers $4.13M exploit in DUSD/USDC Curve pool

Makina, a decentralized finance protocol with automated execution, suffered an exploit early Tuesday morning that drained its DUSD/USDC liquidity pool on Curve, according to blockchain security firm PeckShield. Makina Finance has reportedly lost about 1,299 Ether from its Curve stablecoin pool to hackers. It was valued at about $4.13 million at the time.

Per PeckShield’s analysis, attackers breached the protocol’s non-custodial liquidity providers on the DUSD/USDC CurveStable pool, which uses an on-chain pricing data feed oracle. Oracles provide smart contracts with external information, such as asset prices; the hackers exploited this feed mid-transaction and withdrew the tokens at an artificially favorable rate.

Makina hacker used flash loans to snipe $5 million away

According to a security engineer at CertiK, the perpetrator began by borrowing 280 million USDC without upfront collateral, on the condition that the funds would be repaid in the same transaction. Out of the borrowed amount, about 170 million USDC was used to interfere with the MachineShareOracle, which is responsible for reporting share prices to the pool. After injecting capital borrowed via a flash loan, they were able to temporarily skew the oracle’s price data and trick it into trusting inaccurate pricing information.

🚨 Another exploit today (4.1M): Flashloan + permissionless AUM refresh is a dangerous combo. A share-price oracle was pushed mid-tx, letting a Curve pool pay out at an inflated rate. ~5.1M USDC left the DUSD/USDC pool, the attacker profits about 4.1M. — n0b0dy (@nn0b0dyyy) January 20, 2026

When the oracle began reporting inflated values, the attacker swapped approximately 110 million USDC against a pool that held only around $5 million in liquidity. Since the pool believed assets were worth more than they actually were, it paid out far more than it should have and emptied itself.

“A share-price oracle was pushed mid-tx, letting a Curve pool pay out at an inflated rate. ~5.1M USDC left the DUSD/USDC pool, the attacker profits about 4.1M,” said the security engineer.

Makina Finance was launched last February, marketing itself as an institutional-grade DeFi execution engine. According to data from DeFiLlama, the protocol holds approximately $100.49 million in total value locked.

MEV builder cut the Makina exploit numbers by $800k

The hacker took the DUSD proceeds and swapped them into ether, executing several transactions to consolidate and reposition the assets. However, according to CertiK, the exploit transaction was partially frontrun by an MEV builder. Maximal extractable value is the profit that block builders and validators can maximize by reordering, injecting, and censoring transactions before they are processed on-chain.

In this case, an MEV entity identified by the address prefix 0xa6c2 racked up the majority of the value as the exploit played out. CertiK estimated that the MEV builder seized approximately $4.14 million out of the $5 million they had withdrawn from the stablecoin pool. The MEV routing split the remaining ether between two addresses: the first (0xbed) held $3.3 million in ETH, and the other (0x573d) held roughly 276 ETH.

At around 6:42 AM UTC Tuesday, Makina Finance wrote a statement on X acknowledging the hack but insisted the issue did not affect the entire protocol’s infrastructure.

Gmak, early this morning we received reports regarding an incident with the $DUSD Curve pool

At this stage, the issue appears to be isolated to DUSD LP positions on Curve. There is currently no indication that other assets or deployments are affected.

Underlying assets held in… — Makina (@makinafi) January 20, 2026

Makina also asked liquidity providers in the DUSD Curve pool to remove their liquidity as it determines “the appropriate next steps for affected users and LPs.” The team also promised to provide the community with more updates as soon as the incident review is complete.

The DeFi protocol’s flash loan attack spells doom for a year that crypto users had hoped to walk away from unscathed, after a dreadful 2025 that saw over $3 billion stolen from the market. A Web3 Security and Fraud Report from Cyvers documented 108 fraud and security-related incidents last year, and about $16 billion in crypto assets swindled from at least 140 exchanges and trading platforms. Cyvers also reported more than 4.2 million fraudulent transactions from 780,000 addresses and nearly 19,000 active fraud networks, involving assets such as USDT, ETH, and USDC.
20 Jan 2026, 06:26
Ethereum Network Activity Surge Linked to Address Poisoning Attacks: Researcher

A recent spike in activity on the Ethereum network may be partly driven by address poisoning attacks that have become cheaper to execute amid falling transaction fees, according to security researcher Andrey Sergeenkov.

Key Takeaways:

- Part of Ethereum’s recent activity surge may be driven by address poisoning spam rather than organic user growth.
- Lower gas fees after the Fusaka upgrade have made large-scale poisoning attacks cheaper.
- More than $740,000 has been stolen via dusting campaigns.

The warning follows reports that Ethereum’s network activity retention nearly doubled to 8 million addresses within a month, while daily transactions climbed to a record near 2.9 million. Sergeenkov said the week starting Jan. 12 alone saw around 2.7 million new addresses, roughly 170% above typical levels, alongside daily transactions consistently exceeding 2.5 million.

Ethereum Activity Spike May Be Driven by Address Poisoning

While the surge initially appeared to signal organic growth, Sergeenkov cautioned that part of the increase could be attributed to large-scale spam campaigns known as address poisoning. These attacks exploit low fees by flooding the network with small transactions designed to trick users rather than facilitate legitimate activity.

Address poisoning works by sending tiny transfers from wallet addresses that closely resemble legitimate ones. When users later copy an address from their transaction history, they may unknowingly send funds to the attacker instead.

Something extraordinary happened on @Ethereum last week. On Friday, January 16, #Ethereum mainnet hit 2.9M #transactions in a single day (see Chart 1) — a new all-time high per @Etherscan. That activity was accompanied by a sharp jump in daily active addresses: ~1.3M (Chart 2),… — Victor "DeFi Toronto" Li (@CryptoEcon_Li) January 19, 2026

The tactic has grown more economical since Ethereum’s Fusaka upgrade in December, which cut network fees by more than 60% in the following weeks.

“Address poisoning has become disproportionately attractive for attackers,” Sergeenkov said, adding that scaling blockchain infrastructure without prioritizing user safety risks distorting headline activity metrics.

To track the attacks, Sergeenkov analyzed wallets that received less than $1 as their first stablecoin transaction, identifying clusters of so-called “dust distributor” addresses. He then filtered for those that had sent transactions to more than 10,000 recipients, a pattern consistent with poisoning campaigns. Some of the most active distributor wallets sent dust to more than 400,000 addresses, he said. So far, more than $740,000 has been stolen from at least 116 victims using this method.

The findings highlight a tension emerging from Ethereum’s improved efficiency. Lower fees have made the network more accessible for users and developers, but they have also reduced the cost of abuse. Sergeenkov said the episode underscores the need for better wallet-level protections and clearer user warnings, arguing that raw transaction growth alone is not a reliable measure of healthy network adoption.

Buterin Says Ethereum Is Entering a New Phase Focused on User Autonomy

Ethereum co-founder Vitalik Buterin has framed the moment as more than a technical milestone. In a recent post, he said the community is entering a phase focused on restoring personal autonomy and improving user experience, arguing that earlier compromises made in pursuit of adoption no longer need to define the network’s future.

“2026 is the year that we take back lost ground in terms of self-sovereignty and trustlessness,” Buterin said in an X post.

Together, record activity, falling fees, and rising participation suggest Ethereum is entering a new phase, one where scale no longer comes at the expense of accessibility.

The post Ethereum Network Activity Surge Linked to Address Poisoning Attacks: Researcher appeared first on Cryptonews.
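
The filtering method attributed to Sergeenkov above (first stablecoin receipt under $1, then senders with more than 10,000 recipients) can be sketched as follows, together with the kind of wallet-level lookalike check the article calls for. This is an added example, not the researcher's own code: the transfer tuple layout, the 4-character edge comparison and all sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

DUST_USD = 1.0           # from the article: first stablecoin receipt under $1
MIN_RECIPIENTS = 10_000  # from the article: more than 10,000 recipients

def dust_distributors(transfers, dust_usd=DUST_USD, min_recipients=MIN_RECIPIENTS):
    """transfers: (block, sender, recipient, usd_value) tuples (assumed schema).
    Returns {sender: distinct recipient count} for senders that gave some wallet
    a sub-threshold first transfer and also fan out past min_recipients."""
    first_receipt, fan_out = {}, defaultdict(set)
    for _, sender, recipient, usd in sorted(transfers, key=lambda t: t[0]):
        first_receipt.setdefault(recipient, (sender, usd))
        fan_out[sender].add(recipient)
    candidates = {s for s, usd in first_receipt.values() if usd < dust_usd}
    return {s: len(fan_out[s]) for s in candidates if len(fan_out[s]) > min_recipients}

def looks_like(a, b, edge=4):
    """Different addresses sharing the first and last `edge` hex characters,
    i.e. what a truncated address display would show (edge=4 is an assumption)."""
    a, b = a.lower().removeprefix("0x"), b.lower().removeprefix("0x")
    return a != b and a[:edge] == b[:edge] and a[-edge:] == b[-edge:]

def lookalike_dust(transfers, wallet, dust_usd=DUST_USD):
    """Dust senders in `wallet`'s history that imitate an address it has paid."""
    paid = {r for _, s, r, _ in transfers if s == wallet}
    return sorted({s for _, s, r, usd in transfers
                   if r == wallet and usd < dust_usd
                   and any(looks_like(s, p) for p in paid)})

# Constructed sample data: addresses are made up, not taken from any chain.
VICTIM = "0x" + "aa" * 20
EXCHANGE = "0x1234" + "0" * 32 + "abcd"   # address the victim really pays
SPOOF = "0x1234" + "f" * 32 + "abcd"      # same first/last 4 chars, different middle
SAMPLE = [(1, VICTIM, EXCHANGE, 500.0), (2, SPOOF, VICTIM, 0.01)]
SAMPLE += [(3 + i, SPOOF, f"0x{i:040x}", 0.01) for i in range(5)]
SAMPLE += [(9, EXCHANGE, "0x" + "bb" * 20, 250.0)]

if __name__ == "__main__":
    # Threshold lowered only because the constructed sample is tiny.
    print(dust_distributors(SAMPLE, min_recipients=5))
    print(lookalike_dust(SAMPLE, VICTIM))
```

A wallet could run the lookalike check before letting a user copy an address out of transaction history, while the fan-out filter is better suited to chain-wide analytics.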











































