Defi platform MakinaFi has begun a fund recovery process after being hit by a MEV frontrunning exploit worth $4 million. The protocol said in an official X update that it is exploring two main routes to retrieve the stolen funds — with Ethereum taking centre-stage in both.
In its first major effort, MakinaFi is attempting to coordinate with the attacker(s) hoping to recover approximately ETH 1,023. As of Thursday, ETH is trading at over $3,000 which would amount ETH 1,023 at $3.07 million.
As part of the second leg of its recovery plan, MakinaFi is working at establishing contact with wallet address 0x573D owned by the Rocket Pool Validator that received approximately 276 ETH worth $828,500 as a result of the exploit.
MakinaFi claims that extensive outreach, along with additional forensic analysis in collaboration with external security partners, is underway to establish contact with the owner of 0x573D.
“We are diligently working on the fund recovery effort and will announce the distribution method and timeline for any recovered funds to users in due course.,” it vouched.
MakinaFi security breach: What happened?
Defi protocol MakinaFi faced a MEV frontrunning attack, that led to the theft of ETH 1,299 estimated to be worth $4.13 million dollars.
The stolen ETH assets were promptly rerouted into several wallets, a standard tactic used by notorious actors to make tracking and identifying the perpetrators difficult.
The protocol said in its Wednesday announcement that the exploit involved a number of parties and took place over an approximately 11-minute period.
MEV is an abbreviation for Maximum Extractable Value, and it refers to the value of pending transactions that may be watched and reordered for profit by particular parties, primarily builders or validators. A front-running attack occurs when an attacker executes his transaction before the victim’s, exploiting price movements or smart contract logic. In a MEV frontrunning attack, the attacker takes advantage of a blockchain’s transaction ordering.
Addressing the attack MakinaFi said, “The root cause of the exploit has been identified, and confirmed by our audit partners, to be a vulnerable Weiroll-script used for the internal accounting of a position the DUSD Machine held in the MIM-3CRV pool on Curve.”
MakinaFi sets course for operational recovery solutions
Following the exploit, MakinaFi temporarily halted operations to ensure safety of remaining funds. While the exact details on the total value locked (TVL) on the DeFi protocol remains unclear, reports estimate it to be around over $100 million.
The platform’s Dialectic-operated Machines, used across EVM chains for complex atomic operations without manual intervention, were set in recovery mode as a safety precaution. The move prevented further machine activities during the investigation, including redemptions.
The platform explained that once the recovery mode is turned off, the implementations of the affected contracts will be updated with a patch which addresses the issue.
The development of the patch is currently in progress and it has been submitted for external audit review. Once reviewed and approved, the new contract deployments will be subject to the required timelock of 48 hours.
Subject to the successful completion of the patch audit and deployment, the platform is tentatively targeting Monday, January 26, 2026 to disable recovery mode, which will reactivate redemptions.
For whitelisted users, who have cleared the protocol’s AML/KYC screening, will be eligible to receive redemptions after the recovery mode is deactivated.
For users who are not whitelisted, MakinaFi will provide secondary market liquidity for DUSD given that the platform has a number of parties who have expressed interest to support this as Liquidity Providers.
During this time the remaining Curve pools, DETH/WETH and DBIT/WBTC will be rebalanced to provide users with better liquidity.
Meanwhile, the identity of the attacker remains unknown. Members from the Web3 developer community have been posting their theories of how the attack may have been executed.
The hack of MakinaFi makes for one of the first big ones already logged within the first month of 2026. As per Chainalysis, crypto hackers managed to steal over $3.4 billion in 2025.