Makina says it has recovered the bulk of funds stolen in a January exploit, reclaiming roughly 920 ETH of the ~1,299 ETH tied to the incident — one of the more substantial DeFi recovery efforts seen so far in 2026.
What happened
- The exploit occurred on 20 January and affected only the USDC side of Makina’s DUSD/USDC Curve pool; liquidity providers were impacted. DUSD holders, and positions in Pendle, Gearbox and Makina’s Machines were not affected.
- Makina posted an update on 22 January confirming about 920 ETH was returned by an MEV builder involved in the incident. That figure is net of a 10% bounty paid under the SEAL Whitehat Safe Harbor programme, and represents the majority of the roughly 1,023 ETH the MEV builder initially received.
Where the recovered funds are
- On-chain records show the returned ETH was moved into a dedicated recovery multisig set up to manage restitution and next steps.
- Approximately 276 ETH tied to the exploit was traced to an address identified as a Rocket Pool validator. Makina said it is actively trying to contact the entity behind that address and has asked the community for help identifying them.
Security response and next steps
- Makina’s Security Council triggered recovery mode in coordination with SEAL911 and external auditors after suspicious activity was flagged by security tooling. The exploit was ultimately executed by a second address identified as an MEV bot.
- The team says efforts continue to recover the remaining funds and that it will publish details on distribution methods and timelines when practical.
Why this matters
- The incident remains one of the larger DeFi exploits recorded so far this year, alongside cases such as Truebit and YO Protocol, and underscores a persistent pattern in early 2026 where a small number of protocol-level exploits account for most losses.
- The partial recovery — facilitated by a whitehat framework and coordinated response — highlights the growing effectiveness of recovery programmes and community coordination in limiting long-term damage after high-profile DeFi breaches.
Note: This report is informational and not investment advice. Always do your own research before trading or investing in cryptocurrencies.
Read more AI-generated news on: undefined/news
