Makina has recovered a majority of funds linked to its 20 January exploit, marking one of the more substantial DeFi recovery efforts seen so far in 2026.
920 ETH returned under whitehat framework
In an update shared on 22 January, Makina confirmed that approximately 920 ETH has been returned by an MEV builder involved in the exploit, net of a 10% bounty awarded under the SEAL Whitehat Safe Harbor programme.
The returned amount represents the majority of the 1,023 ETH initially received by the MEV builder, and a significant portion of the ~1,299 ETH total exploit tied to the DUSD/USDC Curve pool incident on 20 January.
On-chain data shows the recovered funds were transferred to a dedicated recovery multisig, established to manage restitution and next steps.
Recovery remains incomplete
While the recovery marks meaningful progress, Makina said efforts are ongoing to retrieve the remaining funds.
Roughly 276 ETH linked to the exploit was sent to an address identified as a Rocket Pool validator.
The team stated that it is actively working to establish contact and has requested assistance from the community in identifying the entity associated with the address.
Makina added that details on distribution methods and timelines for recovered funds will be shared once practical, noting that the process remains active.
Makina exploit recap
As previously reported, the exploit affected only the USDC side of Makina’s DUSD/USDC Curve pool and was isolated to liquidity providers.
Users holding DUSD, Pendle, or Gearbox positions, as well as funds within Makina’s Machines, were not impacted.
Security tooling flagged suspicious activity shortly before the exploit, which was ultimately executed by a second address identified as an MEV bot.
Makina’s Security Council triggered recovery mode in coordination with SEAL911 and external auditors to prevent further losses.
Early 2026 exploit trend remains intact
The recovery does not materially alter the broader pattern observed in early 2026, where a small number of protocol-level exploits account for the majority of losses.
Makina’s incident remains among the larger DeFi exploits recorded this year, alongside cases such as Truebit and YO Protocol.
However, the partial recovery highlights the growing role of whitehat frameworks and coordinated response mechanisms in limiting long-term damage.
Final Thoughts
- Makina’s recovery of roughly 920 ETH demonstrates how whitehat processes can materially reduce losses, even in high-impact DeFi exploits.
- While recovery efforts continue, the incident reinforces that exploit risk in 2026 remains concentrated in a handful of protocol failures rather than systemic breakdowns.