hacker cripto

The hunter becomes the hunted: a hacker watches his loot vanish after an attack

By Albertocrypto | Cripto tips | 23 Jan 2026


An attack on Makina, an Ethereum-based decentralized finance platform, ended with a third party capturing most of the loot

 

An attempted exploit against a decentralized finance (DeFi) protocol ended unexpectedly: the original attacker not only failed to steal the funds, but was outmaneuvered by another actor who executed the same attack before him and captured the majority of the loot.

The incident occurred on January 20 and affected the Makina platform, specifically its DUSD/USDC pool on Curve, an Ethereum-based stablecoin exchange protocol. In total, the exploit involved approximately 1,299 ether (ETH), worth about $3.7 million at the time.

According to the Makina team, the attack unfolded in just 11 minutes. The initial hacker deployed an unverified smart contract with the goal of manipulating the reference price (oracle) of the DUSD/USDC pool.

To achieve this, they used a flash loan, which artificially inflated the value of one of the assets involved.

This inflated price propagated through Makina's internal system and ended up being reflected in the Curve pool, opening the door to extracting large amounts of USDC at a distorted exchange rate.

However, before the attacker could fully execute their operation, another actor entered the scene: a MEV (Maximum Extractable Value) seeker. These agents monitor the network in real time and look for profitable transactions to either preempt or reorder them within a block.

In this case, the MEV seeker decompiled the original attacker's contract, replicated the strategy, and executed it first.

The result was that the initial hacker lost the opportunity to keep the funds, which ended up in the hands of the MEV search engine and the actors who participated in the block validation.

Partial recovery and unexpected turn

 

Of the total amount of 1,299 ETH, the majority was captured by the MEV finder and distributed between a block builder and a Rocket Pool validator, who confirmed the block where the transaction was executed.

Two days after the incident, on January 22, Makina reported that the funds held by the block builder had been almost entirely returned.

Specifically, approximately 920 ETH were recovered out of the 1,023 ETH that the actor had received, after deducting a 10% reward granted under a white hat (ethical hacker) program known as SEAL Safe Harbor.

 

Captura de pantalla de una transacción en Ethereum.

 

The recovered funds were transferred to a multi-signature wallet dedicated exclusively to the restitution process, from where they will be distributed to the affected users, according to a pool state log taken before the exploit.

However, the recovery process is not yet complete. Makina reported that they are still trying to establish contact with the Rocket Pool validator operator who received approximately 276 ETH as part of the exploit.

That portion of the loot remains unrecovered.

Finally, the incident was attributed to a bug in an internal script (a set of code instructions) used automatically for the protocol's position accounting, which has been identified and is currently being corrected and audited externally.

Makina announced that it will implement a patch via a protocol update before fully resuming operations.

How do you rate this article?

75


Albertocrypto
Albertocrypto

Crypto enthusiast


Cripto tips
Cripto tips

Trying to provide the help for people starting out in the world of cryptocurrencies that I would have liked to receive.

Publish0x

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.