DeFi News

Makina Recovers 920 ETH: Protocol Dumps Curve for Uniswap After $4M Exploit

An MEV bot "front-ran" the hacker, effectively saving the funds. Now, Makina is activating a recovery plan—but users will need KYC to exit.

Written By:
Dishita Malvania
Makina Finance Details Recovery Plan After 1,299 ETH Exploit

Key Highlights

  • The Interception: An MEV bot front-ran the attacker, securing 1,023 ETH. As of Jan 22, the bot has returned 920 ETH (minus a 10% bounty) to Makina.
  • The Pivot: Citing oracle vulnerabilities, Makina is phasing out its Curve DUSD pool and migrating liquidity to a new fixed-rate Uniswap pool.
  • The Catch: The protocol is in “Recovery Mode” until Jan 26. Redemptions will reopen then, but only for users who complete KYC/AML verification.

Makina Finance, a DeFi platform that specializes in yield-earning stablecoins, has made strong progress in getting back funds after its DUSD/USDC Curve pool was exploited earlier this week. The January 20 incident saw around 1,299 ETH taken from the protocol. By January 22, about 920 ETH had already been returned by the MEV builder involved, after a 10% bounty under the SEAL Whitehat Safe Harbor program. The recovered funds are now securely stored in a dedicated recovery multi-sig wallet, while the team works to recover the remaining 276 ETH that ended up with a Rocket Pool validator.

In an update released on January 21 at 21:00 UTC, the team explained how the attack played out, where the funds moved after the exploit, and what steps are now being taken to recover assets and bring the protocol back to normal functioning. The statement comes after the issue first came to light when unusual activity was detected in the DUSD/USDC liquidity pool.

What happened

According to Makina’s disclosure, the exploit unfolded over a short window of roughly 11 minutes in the early hours of January 20.

At 3:40:23 am UTC, in Ethereum block 24273361, a wallet identified as 0x2F934B0Fd5c4f99BAb37d47604a3a1AEADEF1CCc deployed an unverified smart contract. According to the investigation, the contract was created solely to manipulate prices in the DUSD/USDC pool on Curve, a platform commonly used for stablecoin trading.

In the very next block, an MEV trader spotted the activity and stepped in before the original attacker could complete the transaction. These traders constantly watch the blockchain for profitable openings and jump in when they see one. The transaction was ultimately processed by an MEV builder identified as 0xa6c2.

As a result, most of the extracted funds were split between the MEV builder and the validator that produced the block. On-chain data shows that approximately 1,299 ETH was removed from the pool, with around 1,023 ETH going to the MEV builder and roughly 276 ETH landing with a Rocket Pool validator.

Makina confirmed that the exploit was limited strictly to the USDC side of the DUSD/USDC Curve pool. Other pools connected to the protocol, including DETH/WETH and DBIT/WBTC, were not affected. The protocol also stated that funds held inside the DUSD Machine itself remain secure and that DUSD continues to be fully collateralized.

How the exploit worked

The issue was traced back to a flaw in a Weiroll script used by the DUSD Machine, which handles accounting and collateral management for the stablecoin.

According to Makina, the problem began with a position the protocol held in the MIM-3CRV pool on Curve. The attacker used a flash loan to temporarily push up the price of MIM, which caused the value of that position to rise sharply for a short period of time.

That inflated value was then picked up by the DUSD system and treated as genuine. Because of this, the system believed it was holding more assets than it actually was. This incorrect data later flowed into the pricing oracle, which is used to set the value of DUSD on the Curve pool.

Once the incorrect pricing made its way to the DUSD/USDC pool, the attacker was able to drain USDC at an inflated rate before the system could correct itself.

Makina stated that the issue has been identified and confirmed by external auditors. A patch addressing the vulnerability is currently being developed and has been submitted for audit. A full technical post-mortem is expected to be released once the review process is complete.

Recovery efforts and fund tracking

Makina and Dialectic, the operator of the DUSD Machine, said they are pursuing multiple recovery paths.

The MEV builder has returned roughly 920 ETH of the 1,023 ETH initially received, after a 10% bounty under the SEAL Whitehat Safe Harbor. The recovered funds have been moved to a dedicated recovery multi-sig wallet at 0xc22F7346eaF4340f51513bF9f01e5d722E558AB9.

The team is still working to get back the remaining amount, including roughly 276 ETH that was sent to a Rocket Pool validator (0x573Db3Aed219EfD4D2cDABC0D00366E7B80F910E).

Makina also acknowledged the MEV builder involved (0xbed) for cooperating quickly, noting that this kind of responsible behaviour played a key role in limiting further losses.

In addition, Dialectic confirmed it will return USD 104,491 in liquidity provider fees earned during the exploit window in the MIM-3CRV pool.

A snapshot of the DUSD/USDC Curve pool taken before the exploit will be used to determine the distribution of any recovered funds once the process concludes.

The first involves efforts to recover approximately 1,023 ETH currently held by the MEV builder that executed the transaction. Discussions are ongoing, though no resolution has been announced so far.

The second effort relates to the Rocket Pool validator that received approximately 276 ETH. The validator address involved has been identified as 0x573D, with ownership linked to the address 0x3b6fc5cc2feefc357212617930aedac9493288af. Makina said it is working with external security firms to establish contact with the operator of the validator.

The company has also asked anyone with information that could help identify or contact the validator to reach out through official channels or via security@makina.finance.

In addition, Dialectic confirmed it will return USD 104,491 in liquidity provider fees that were earned by the DUSD Machine during the exploit window from activity in the MIM-3CRV pool.

A snapshot of the DUSD/USDC Curve pool taken before the exploit will be used to determine how any recovered funds are distributed once the recovery process concludes.

Recovery mode and timeline

Following the incident, Makina placed all three Dialectic-operated Machines into Recovery Mode. This temporarily halted redemptions and other protocol actions while the investigation and patch development took place.

The protocol will remain in Recovery Mode until the fix has passed an external audit and completed a mandatory 48-hour timelock period. If no issues arise, Makina is targeting January 26, 2026, for the resumption of normal operations.

Once Recovery Mode is lifted, redemptions will be available only to users who have completed anti-money laundering (AML) and know-your-customer (KYC) checks. Users holding more than USD 100,000 in DUSD and intending to redeem have been asked to begin the verification process through Makina’s Discord support channel.

For users who are not whitelisted, Makina is working to arrange secondary market liquidity, with several liquidity providers already expressing interest.

Curve pool to be phased out

Makina also said that the DUSD/USDC Curve pool will be phased out after the incident. In its place, the team plans to launch a new pool on Uniswap, where users will be able to swap DUSD for USDC at a fixed rate.

The new pool is expected to go live shortly after Recovery Mode is lifted. Further details are expected to be announced once deployment is closer.

Users currently holding DUSD/USDC Curve LP tokens have been advised to withdraw into DUSD. Remaining in the pool will not improve recovery outcomes and may delay participation in any future distribution process.

No impact on other integrations

The protocol also clarified that users holding DUSD through other platforms, including Gearbox and Pendle, are not affected by the Curve pool exploit. Positions linked to PT-DUSD and YT-DUSD have not been impacted by the incident. Users holding these positions can continue to manage them normally, according to the team.

What happens next

Makina said it will continue to share updates as the recovery process moves ahead. The incident adds to the growing list of DeFi hacks seen in early 2026 and once again highlights the risks that come with oracle-based pricing, complex internal accounting, and tightly connected on-chain systems.

For now, it is still unclear how much of the stolen funds can be recovered. The next few days are expected to be important in deciding how the situation unfolds and what the final impact on the protocol will be.

Also Read: Saga Forced to Halt its EVM Network After $7 Million Exploit

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.
Google News Banner
TAGGED:
Share This Article
Dishita Malvania - Senior crypto journalist at The Crypto Times
By Dishita Malvania
Follow:
Dishita Malvania is a Crypto Journalist with 3 years of experience covering the evolving landscape of blockchain, Web3, AI, finance, and B2B tech. With a background in Computer Science and Digital Media, she blends technical knowledge with sharp editorial insight. Dishita reports on key developments in the crypto world—including Litecoin, WazirX, Solana, Cardano, and broader blockchain trends—alongside interviews with notable figures in the space. Her work has been referenced by top digital media outlets like Entrepreneur.com, The Independent, The Verge, and Metro.co, especially on trending topics like Elon Musk, memecoins, Trump, and notable rug pulls.

Latest News

Is DeFi Safe $635M Drained in April’s Record-Breaking Attack Wave
Is DeFi Safe? $635M Drained in April’s Record-Breaking Attack Wave
Ripple Warns UK Speed Up Digital Markets or Lose to EU & Singapore
Ripple Warns UK: Speed Up Digital Markets or Lose to EU & Singapore
U.S. Bitcoin ETFs Surge with $1.9 Billion Inflows in April 2026 — Strongest Month Yet
U.S. Bitcoin ETFs Surge with $1.9 Billion Inflows in April 2026 — Strongest Month Yet
India’s ED Widens ₹2,200 Cr HPZ Scam Probe, Uncovers Cross-Border Links
India’s ED Widens ₹2,200 Cr HPZ Scam Probe, Uncovers Cross-Border Links
MEGA Token Goes Live With $1.6B FDV Across Major Exchanges
MEGA Token Goes Live With $1.6B FDV Across Major Exchanges

Find Us on Socials

You may also like