Makina has successfully recovered a substantial portion of funds associated with the exploit that occurred on January 20, 2026. This notable recovery effort has led to the return of 920 ETH, marking it as one of the more prominent DeFi recovery initiatives in the current year.
In an update released on January 22, Makina disclosed that approximately 920 ETH was returned by an MEV builder linked to the exploit. This amount is net of a 10% bounty allocated under the SEAL Whitehat Safe Harbor program, illustrating the effectiveness of whitehat interventions in mitigating losses. The recovered ETH constitutes the bulk of the 1,023 ETH initially acquired by the MEV builder, and it represents a significant fraction of the total 1,299 ETH lost during the incident involving the DUSD/USDC Curve pool.
On-chain analysis confirms that the recovered funds have been redirected to a dedicated recovery multisig wallet, which has been established to oversee the restitution process and subsequent actions. However, while this recovery is a positive development, Makina has indicated that efforts to retrieve the remaining funds are ongoing.
Approximately 276 ETH from the exploit has been traced to an address recognized as a Rocket Pool validator. The Makina team is currently striving to establish contact with this entity and has appealed to the community for assistance in identifying the owner of the address. They have reassured stakeholders that updates regarding the distribution methods and timelines for the recovered funds will be provided as soon as feasible.
A recap of the exploit reveals that it specifically targeted the USDC side of Makina”s DUSD/USDC Curve pool, impacting only liquidity providers. Importantly, users holding DUSD, Pendle, or Gearbox positions, along with funds in Makina”s Machines, remained unaffected. Preliminary security measures successfully flagged suspicious activity prior to the exploit, which was ultimately executed by a second address identified as an MEV bot. In response, Makina”s Security Council activated a recovery mode in collaboration with SEAL911 and external auditors to avert additional losses.
The recovery of these funds does not significantly shift the broader narrative regarding the frequency of exploits observed in early 2026. A limited number of protocol-level exploits have accounted for the majority of losses in the space. Makina”s incident stands as one of the most significant DeFi exploits reported this year, alongside notable cases such as those involving Truebit and YO Protocol. Nevertheless, the partial recovery serves to underscore the increasingly vital role of whitehat frameworks and coordinated response strategies in minimizing long-term repercussions.
